Frickin k1dz1es

On Thu, Jan 19, 2012 at 01:22:35PM +1100, xD 0x41 wrote:
> On 18 January 2012 09:45, Jan Wrobel <[email protected]> wrote:
> > Hi,
> >
> > This TCP session hijacking technique might be of interest to some of you.
> >
> > Abstract:
> > The paper demonstrates how traffic load of a shared packet queue can
> > be exploited as a side channel through which protected information
> > leaks to an off-path attacker. The attacker sends to a victim a
> > sequence of identical spoofed segments. The victim responds to each
> > segment in the sequence (the sequence is reflected by the victim) if
> > the segments satisfy a certain condition tested by the attacker. The
> > responses do not reach the attacker directly, but induce extra load on
> > a routing queue shared between the victim and the attacker. Increased
> > processing time of packets traversing the queue reveal that the tested
> > condition was true. The paper concentrates on the TCP, but the
> > approach is generic and can be effective against other protocols that
> > allow to construct requests which are conditionally answered by the
> > victim. A proof of concept was created to assess applicability of the
> > method in real-life scenarios.
> >
> > The paper in ps and pdf is available at http://mixedbit.org and
> > http://arxiv.org/abs/1201.2074
> >
> > Proof of concept: https://github.com/wrr/reflection_scan
> >
> > Thanks,
> > Jan
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> Very cool :)
> Thanks for showing this as a 'type' of sequencing, I'd love to test this
> with winBITS and see what makes a difference in there...but yea, nice
> stuff from the snippets i have read and could comprehend without
> making a packetting app :P hehe..great work, and great paper for ANY
> hat to wear.
> Might have to try it one day and see if it is as effective as it seems!
> great stuff tho, anything to do with bugs within TCP-IP stacks, should
> be always encouraged... thanks for the encouragement :-)
> Cheers, and I'll maybe add more on this and another persons pi3.com.pl )
> tcp ip session hijacking, which people have even said, is impossible...
> i guess they should find and watch that video, or just ask the author
> of the blog, to explain it more...maybe would have them something to
> actually see as a 'p0c'.... anyhow, many thanks in your input and,
> again any further addons and appendices to the papers just, let the
> list know, and ill make sure the topic maybe gets a better coverage,
> as, this is also a topic many ppl called me a wanker on...or maybe one
> of them :s megh, i dont count now, i just read the msgs from 3 ppl
> and delete the rest :)
> best way to use fd, is to take what your given, and stfu... i dont
> know why so many ppl seem to call me this, when, i am only interested,
> in bugs i can actually exploit...yet, so much bullsh1t on this forum,
> they have forgotten what a bug is, and, what a poc is....and now,
> these are 'design flaws' lol....anyhow, please keep up the research,
> we like it! Oh thats, the ppl like, 3 of you (maybe) who actually,
> seem cool ;)
> You also do, and you're on a great topic, dont let idiots pick out any
> flaws in anything on this subject, coz believe me, behind every
> trolling ive been thru, that was the worst when i spoke about, methods
> of hijacking tcp ip stack....and did not give out the poc...well, now,
> the poc is available to see on video for those who are not idiots and
> abuse, but actually, want to see it working :)
> Ok, thats my 2bob, dont expect any answers, unless your a VERY well
> known person, i will auto delete it, so, i hope to see you in my
> channel, anytime online... and there, we could discuss ANYTHING :)
> Why some of you are there, and see what i do, i guess are not the
> haters on this list but, also, they get what 'theyre given' ,which is
> ALOTTTT in the cases where people are cool....so, i guess the moral of
> the story is, dont smash the stack toooo hard....
> enjoy budddy, im probably one of few who would even understand it but
> anyhow :P Thanks!I
> Drew.
>
> PS:
> NOT a top poster anymore, omg, whats this, not using Glow XD , what is
> this, madness!! omg!
> Seriously folks, you should all read more of people like this's work,
> and then maybe, contribute some of your own frigging srcs, instead of
> relying on ppl like kcope to fist fuck you, which is fine by me :> i
> hope he fucks this list over, nonstop till your arses bleed, but hey,
> thats JUST me! love you all long fucking time arseholes, goto hell,
> and dont even try talkin to me, ever, if your not already in the addy
> book, you will fkn known about it and oh, i CAN ddos you, and i WILL,
> so, anytime you like to shit me, in private, and wish to test your
> fwall, go hard, i dun care, i should say, we...but, it really doesnt
> matter, coz, i dont even have to press the buttons for the wankers who
> have already flamed me in past anymore, you will only feel what i
> love best, TCP/IP and, possibly UDP!
> Have a fucking GREAT day arsefucker. Oh and, lickers are cool so, no
> offence there nor for them :)
> PEACE TO YOU MOFOS // XD #HAXNET FUCKUALL
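The shared-queue side channel from the quoted abstract, modelled as an added example that is not part of the thread, the paper or its proof of concept: a toy single-link simulation showing why a burst of reflected responses becomes visible in an unrelated flow's delay when the link uses one shared FIFO. The per-flow round-robin scheduler, the timeline and all names below are assumptions added here for comparison, not something the post proposes.

```python
from collections import deque

SERVICE = 1.0  # time to transmit one packet on the bottleneck link (constructed)

def probe_delays(probe_times, burst_times, per_flow=False):
    """Delay of each observer packet ("p") through one link that also carries
    the victim's reflected responses ("v"). per_flow=False is a single shared
    FIFO; per_flow=True serves the two flows round-robin from separate queues."""
    arrivals = sorted([(t, "p") for t in probe_times] +
                      [(t, "v") for t in burst_times])
    queues = {"p": deque(), "v": deque()}
    fifo = deque()
    now, i, last, delays = 0.0, 0, "v", []
    while i < len(arrivals) or fifo or queues["p"] or queues["v"]:
        # Admit every packet that has arrived by the current time.
        while i < len(arrivals) and arrivals[i][0] <= now:
            pkt = arrivals[i]
            i += 1
            (queues[pkt[1]] if per_flow else fifo).append(pkt)
        if per_flow:
            # Round-robin: offer the turn to the flow that was not served last.
            order = ("p", "v") if last == "v" else ("v", "p")
            flow = next((f for f in order if queues[f]), None)
            pkt = queues[flow].popleft() if flow else None
        else:
            pkt = fifo.popleft() if fifo else None
        if pkt is None:
            now = arrivals[i][0]  # link idle: jump to the next arrival
            continue
        now += SERVICE
        last = pkt[1]
        if last == "p":
            delays.append(now - pkt[0])
    return delays

# Constructed timeline: observer packets every 5 units, and 8 reflected
# responses hitting the queue at t=9.5 when the tested condition is true.
PROBES = [0.0, 5.0, 10.0, 15.0, 20.0]
BURST = [9.5] * 8

def leak_signal(per_flow):
    """Extra worst-case delay the observer sees when the burst is present."""
    quiet = max(probe_delays(PROBES, [], per_flow))
    loaded = max(probe_delays(PROBES, BURST, per_flow))
    return loaded - quiet

if __name__ == "__main__":
    print("shared FIFO signal:", leak_signal(False))  # 7.5
    print("per-flow signal:   ", leak_signal(True))   # 0.5
```

In this model the FIFO signal grows with the burst size, while under per-flow scheduling it stays below one packet's service time however large the burst is.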
