AOH :: HP Unsorted T :: BX2635.HTM

TCP/IP security vulnerability disclosed



TCP/IP security vulnerability disclosed
TCP/IP security vulnerability disclosed



This is a cryptographically signed message in MIME format.

--------------ms030604080002010607070106
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Infiltrated Networks Vulnerability Disclosure
TCP/IP is broken

Overview TCP/IP

Transmission Control Protocol/Internet Protocol is the basic 
communication language or protocol of the Internet. It can also be used 
as a communications protocol in a private network (either an intranet or 
an extranet). When you are set up with direct access to the Internet, 
your computer is provided with a copy of the TCP/IP program just as 
every other computer that you may send messages to or get information 
from also has a copy of TCP/IP.

TCP/IP is a two-layer program. The higher layer, Transmission Control 
Protocol, manages the assembling of a message or file into smaller 
packets that are transmitted over the Internet and received by a TCP 
layer that reassembles the packets into the original message. The lower 
layer, Internet Protocol, handles the address part of each packet so 
that it gets to the right destination. Each gateway computer on the 
network checks this address to see where to forward the message. Even 
though some packets from the same message are routed differently than 
others, they'll be reassembled at the destination.

I. Description

TCP/IP uses the client/server model of communication in which a computer 
user (a client) requests and is provided a service (such as sending a 
Web page) by another computer (a server) in the network. TCP/IP 
communication is primarily point-to-point, meaning each communication is 
from one point (or host computer) in the network to another point or 
host computer.

By disconnecting the client between a connection, the server can no 
longer reach its destination thus breaking TCP/IP.

II. Impact

A remote or local attacker can unplug an ethernet cable, unplug a switch 
or router or bring down an interface and disrupt TCP/IP services.

III. Solution

We are currently working to develop and implement a new RFC labeled 
TCP/IP HOKE - Transmission Control Protocol/Internet Protocol Hamster 
Operated Kintec Energy.

TCP/IP HOKE will allow hamsters to act as a medium between an end users 
failed equipment (RJ45, Routers, etal).

http://www.infiltrated.net/spx/HOKE.jpg 

It is unnecessary to use relativistic mechanics (the theory of 
relativity as expounded by Albert Einstein) to calculate the kinetic 
energy created by little hamsters. We just know that if those fuzzy 
little rats run fast enough, they can generate enough kinetic energy for 
a brief duration of time. Long enough perhaps for an end user to replace 
an ethernet cable, reboot a router, etal.

Systems Affected
Every interconnected computer on the planet.

Credit:
Si4gT3F1ZW5kbyBzaWxAaW5maWx0cmF0ZWQubmV0Cg=
This document was written by an undercaffeinated engineer.
http://www.infiltrated.net/TCP-IP-HOKE.pimp 

If you have feedback, comments, or additional information about this 
vulnerability, please keep them to yourself.


-- 
===================================================J. Oquendo

SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)

wget -qO - www.infiltrated.net/sig|perl 

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB 


--------------ms030604080002010607070106
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIRDDCC
BIowggNyoAMCAQICECf06hH0eobEbp27bqkXBwcwDQYJKoZIhvcNAQEFBQAwbzELMAkGA1UE
BhMCU0UxFDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0w
NTA2MDcwODA5MTBaFw0yMDA1MzAxMDQ4MzhaMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMC
VVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5l
dHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVRO
LVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGljYXRpb24gYW5kIEVtYWlsMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjmFpPJ9q0E7YkY3rs3BYHW8OWX5ShpHornMSMxqmNVN
NRm5pELlzkniii8efNIxB8dOtINknS4p1aJkxIW9hVE1eaROaJB7HHqkkqgX8pgV8pPMyaQy
lbsMTzC9mKALi+VuG6JG+ni8om+rWV6lL8/K2m2qL+usobNqqrcuZzWLeeEeaYji5kbNoKXq
vgvOdjp6Dpvq/NonWz1zHyLmSGHGTPNpsaguG7bUMSAsvIKKjqQOpdeJQ/wWWq8dcdcRWdq6
hw2v+vPhwvCkxWeM1tZUOt4KpLoDd7NlyP0e03RiqhjKaJMeoYV+9Udly/hNVyh00jT/MLbu
9mIwFIws6wIDAQABo4HhMIHeMB8GA1UdIwQYMBaAFK29mHo0tCb3+sQmVO8DveAky1QaMB0G
A1UdDgQWBBSJgmd9xJ0mcABLtFBIfN49rgRufTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
BAUwAwEB/zB7BgNVHR8EdDByMDigNqA0hjJodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9BZGRU
cnVzdEV4dGVybmFsQ0FSb290LmNybDA2oDSgMoYwaHR0cDovL2NybC5jb21vZG8ubmV0L0Fk
ZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQAZ2IkRbyispgCi
54fBm5AD236hEv0e8+LwAamUVEJrmgnEoG3XkJIEA2Z5Q3H8+G+v23ZF4jcaPd3kWQR4rBz0
g0bzes9bhHIt5UbBuhgRKfPLSXmHPLptBZ2kbWhPrXIUNqi5sf2/z3/wpGqUNVCPz4FtVbHd
WTBK322gnGQfSXzvNrv042n0+DmPWq1LhTq3Du3Tzw1EovsEv+QvcI4l+1pUBrPQxLxtjftz
Mizpm4QkLdZ/kXpoAlAfDj9N6cz1u2fo3BwuO/xOzf4CjuOoEwqlJkRl6RDyTVKnrtw+ymsy
XEFs/vVdoOr/0fqbhlhtPZZH5f4ulQTCAMyOofK7MIIGOzCCBSOgAwIBAgIRAMfqAeameX/i
sgeI8/NqV8AwDQYJKoZIhvcNAQEFBQAwga4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEX
MBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29y
azEhMB8GA1UECxMYaHR0cDovL3d3dy51c2VydHJ1c3QuY29tMTYwNAYDVQQDEy1VVE4tVVNF
UkZpcnN0LUNsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgRW1haWwwHhcNMDcxMDA5MDAwMDAw
WhcNMDgxMDA4MjM1OTU5WjCB2TE1MDMGA1UECxMsQ29tb2RvIFRydXN0IE5ldHdvcmsgLSBQ
RVJTT05BIE5PVCBWQUxJREFURUQxRjBEBgNVBAsTPVRlcm1zIGFuZCBDb25kaXRpb25zIG9m
IHVzZTogaHR0cDovL3d3dy5jb21vZG8ubmV0L3JlcG9zaXRvcnkxHzAdBgNVBAsTFihjKTIw
MDMgQ29tb2RvIExpbWl0ZWQxEzARBgNVBAMTCkouIE9xdWVuZG8xIjAgBgkqhkiG9w0BCQEW
E3NpbEBpbmZpbHRyYXRlZC5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8
zpfBTHvQbwRjwvlmxDVqHBsSibxsUusqWnCd4kE1JtjHKhsSjxh6josQjaR1nJCkEWRfCLFt
QVYscCELkDIKH8Mx4EVdowlPLCfI1hlkEqm12OW5QSHxaoUrKm67C1iuNuGzplSvVk1rhldt
rbtbWaXtK2GlAEvNdqfLzL1+LC9yVgfBKp+1mUys/uvkbL4Dg5u52qF8tCzCHbNmef1RxeEu
Wo+xPIDi6mf2zstfly0gPbTaFJ5910SKMZFfsLxTkwiqj6YzUQUKubirxqPNhWkeV0/V4Vjm
jrmrGQg45u3ZD2C8p/UjRuabtRIc6Tsuj3wVLhrOT1JghBt0FUibAgMBAAGjggIlMIICITAf
BgNVHSMEGDAWgBSJgmd9xJ0mcABLtFBIfN49rgRufTAdBgNVHQ4EFgQUz04jzdmRasnLL7o6
w4jwZBRdG3gwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwIAYDVR0lBBkwFwYIKwYB
BQUHAwQGCysGAQQBsjEBAwUCMBEGCWCGSAGG+EIBAQQEAwIFIDBGBgNVHSAEPzA9MDsGDCsG
AQQBsjEBAgEBATArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8ubmV0L0NQ
UzCBpQYDVR0fBIGdMIGaMEygSqBIhkZodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9VVE4tVVNF
UkZpcnN0LUNsaWVudEF1dGhlbnRpY2F0aW9uYW5kRW1haWwuY3JsMEqgSKBGhkRodHRwOi8v
Y3JsLmNvbW9kby5uZXQvVVROLVVTRVJGaXJzdC1DbGllbnRBdXRoZW50aWNhdGlvbmFuZEVt
YWlsLmNybDB8BggrBgEFBQcBAQRwMG4wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQuY29tb2Rv
Y2EuY29tL1VUTkFBQUNsaWVudENBLmNydDA0BggrBgEFBQcwAoYoaHR0cDovL2NydC5jb21v
ZG8ubmV0L1VUTkFBQUNsaWVudENBLmNydDAeBgNVHREEFzAVgRNzaWxAaW5maWx0cmF0ZWQu
bmV0MA0GCSqGSIb3DQEBBQUAA4IBAQAdvx2mw8YzR0ynfzcNeDSe3hr1RSJgB5ChBsh3llIh
Z7USEEVdExFuyxDZTO1ouXVP0vYliQvZZOKFk9pKvChXblqLt9dOYev5K48xKAOgcWkT1KpF
+08btQk8YSiga4LhomxvcVvp9IB1WrRnysuzoC0w71rF21okSBIbUdg8hJ7Q5uphTWlCPyxQ
G70JZnWpWvDY661h+XYlScA4hJiDpF8LQcBAXw7V9Y/j6CgK/wJxwSNt8dSvkfcsIZEigaE/
P67pozJyYfFn+mYg1j76lRCTLlI9xGl+6+SkViOMyVRwY+qjsCSgg5p0YXVwTnSsAyag72bO
aIyIclr4zAmZMIIGOzCCBSOgAwIBAgIRAMfqAeameX/isgeI8/NqV8AwDQYJKoZIhvcNAQEF
BQAwga4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
dHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMYaHR0cDovL3d3
dy51c2VydHJ1c3QuY29tMTYwNAYDVQQDEy1VVE4tVVNFUkZpcnN0LUNsaWVudCBBdXRoZW50
aWNhdGlvbiBhbmQgRW1haWwwHhcNMDcxMDA5MDAwMDAwWhcNMDgxMDA4MjM1OTU5WjCB2TE1
MDMGA1UECxMsQ29tb2RvIFRydXN0IE5ldHdvcmsgLSBQRVJTT05BIE5PVCBWQUxJREFURUQx
RjBEBgNVBAsTPVRlcm1zIGFuZCBDb25kaXRpb25zIG9mIHVzZTogaHR0cDovL3d3dy5jb21v
ZG8ubmV0L3JlcG9zaXRvcnkxHzAdBgNVBAsTFihjKTIwMDMgQ29tb2RvIExpbWl0ZWQxEzAR
BgNVBAMTCkouIE9xdWVuZG8xIjAgBgkqhkiG9w0BCQEWE3NpbEBpbmZpbHRyYXRlZC5uZXQw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8zpfBTHvQbwRjwvlmxDVqHBsSibxs
UusqWnCd4kE1JtjHKhsSjxh6josQjaR1nJCkEWRfCLFtQVYscCELkDIKH8Mx4EVdowlPLCfI
1hlkEqm12OW5QSHxaoUrKm67C1iuNuGzplSvVk1rhldtrbtbWaXtK2GlAEvNdqfLzL1+LC9y
VgfBKp+1mUys/uvkbL4Dg5u52qF8tCzCHbNmef1RxeEuWo+xPIDi6mf2zstfly0gPbTaFJ59
10SKMZFfsLxTkwiqj6YzUQUKubirxqPNhWkeV0/V4VjmjrmrGQg45u3ZD2C8p/UjRuabtRIc
6Tsuj3wVLhrOT1JghBt0FUibAgMBAAGjggIlMIICITAfBgNVHSMEGDAWgBSJgmd9xJ0mcABL
tFBIfN49rgRufTAdBgNVHQ4EFgQUz04jzdmRasnLL7o6w4jwZBRdG3gwDgYDVR0PAQH/BAQD
AgWgMAwGA1UdEwEB/wQCMAAwIAYDVR0lBBkwFwYIKwYBBQUHAwQGCysGAQQBsjEBAwUCMBEG
CWCGSAGG+EIBAQQEAwIFIDBGBgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEBATArMCkGCCsGAQUF
BwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8ubmV0L0NQUzCBpQYDVR0fBIGdMIGaMEygSqBI
hkZodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9VVE4tVVNFUkZpcnN0LUNsaWVudEF1dGhlbnRp
Y2F0aW9uYW5kRW1haWwuY3JsMEqgSKBGhkRodHRwOi8vY3JsLmNvbW9kby5uZXQvVVROLVVT
RVJGaXJzdC1DbGllbnRBdXRoZW50aWNhdGlvbmFuZEVtYWlsLmNybDB8BggrBgEFBQcBAQRw
MG4wNgYIKwYBBQUHMAKGKmh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL1VUTkFBQUNsaWVudENB
LmNydDA0BggrBgEFBQcwAoYoaHR0cDovL2NydC5jb21vZG8ubmV0L1VUTkFBQUNsaWVudENB
LmNydDAeBgNVHREEFzAVgRNzaWxAaW5maWx0cmF0ZWQubmV0MA0GCSqGSIb3DQEBBQUAA4IB
AQAdvx2mw8YzR0ynfzcNeDSe3hr1RSJgB5ChBsh3llIhZ7USEEVdExFuyxDZTO1ouXVP0vYl
iQvZZOKFk9pKvChXblqLt9dOYev5K48xKAOgcWkT1KpF+08btQk8YSiga4LhomxvcVvp9IB1
WrRnysuzoC0w71rF21okSBIbUdg8hJ7Q5uphTWlCPyxQG70JZnWpWvDY661h+XYlScA4hJiD
pF8LQcBAXw7V9Y/j6CgK/wJxwSNt8dSvkfcsIZEigaE/P67pozJyYfFn+mYg1j76lRCTLlI9
xGl+6+SkViOMyVRwY+qjsCSgg5p0YXVwTnSsAyag72bOaIyIclr4zAmZMYIEUzCCBE8CAQEw
gcQwga4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
dHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMYaHR0cDovL3d3
dy51c2VydHJ1c3QuY29tMTYwNAYDVQQDEy1VVE4tVVNFUkZpcnN0LUNsaWVudCBBdXRoZW50
aWNhdGlvbiBhbmQgRW1haWwCEQDH6gHmpnl/4rIHiPPzalfAMAkGBSsOAwIaBQCgggJjMBgG
CSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA4MDQwMTEyMDU1OVow
IwYJKoZIhvcNAQkEMRYEFAGPkkonHAbQh5YEQ8sOzQYbFXiCMFIGCSqGSIb3DQEJDzFFMEMw
CgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0G
CCqGSIb3DQMCAgEoMIHVBgkrBgEEAYI3EAQxgccwgcQwga4xCzAJBgNVBAYTAlVTMQswCQYD
VQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJV
U1QgTmV0d29yazEhMB8GA1UECxMYaHR0cDovL3d3dy51c2VydHJ1c3QuY29tMTYwNAYDVQQD
Ey1VVE4tVVNFUkZpcnN0LUNsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgRW1haWwCEQDH6gHm
pnl/4rIHiPPzalfAMIHXBgsqhkiG9w0BCRACCzGBx6CBxDCBrjELMAkGA1UEBhMCVVMxCzAJ
BgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJU
UlVTVCBOZXR3b3JrMSEwHwYDVQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xNjA0BgNV
BAMTLVVUTi1VU0VSRmlyc3QtQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBFbWFpbAIRAMfq
AeameX/isgeI8/NqV8AwDQYJKoZIhvcNAQEBBQAEggEAFzjv4RnX+6KErRurRtoGdHdrGuHt
Iw16L76FeiXGW1NZSHQ2kCIyj9EXt958gOtT/ThCxyBxApAGzUB5VAEGQsLmwtYamVb1YWKJ
MbT7boxYvEGWKqWcSaB2+nCR92QuaDCKh+14bqHaUpmiBA6daSOXHY+4+l93tG5KsRdTrlus
DjKzGTVbywNqmqiSFsWi7tx7x34c3lFGUYhWtQRy07kwJ646h5HdxpRtms/EQxwZjNXOnoTL
jpT9eue/90tMYrXC5GNQ3+M9XrZzPwFVQdjBXpzltOYEV7GlFUzQxo1QPbotQbESETdwxjYU
x7gMrrKfpjJcqRKuOiwjQFQBUwAAAAAAAA=--------------ms030604080002010607070106--

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.