Part of the Transmission Control Protocol (TCP) specification (RFC 1122) allows a receiver to advertise a zero byte window, instructing the sender to maintain the connection but not send additional TCP payload data. The sender should then probe the receiver to check if the receiver is ready to accept data. Narrow interpretation of this part of the specification can create a denial-of-service vulnerability. By advertising a zero receive window and acknowledging probes, a malicious receiver can cause a sender to consume resources (TCP state, buffers, and application memory), preventing the targeted service or system from handling legitimate connections.
Category Archives: Networking
WiFi Protected Setup Flaw Can Lead to Compromise of Router PINs
WPS is a method for setting up a new wireless router for a home network and it includes a way for users to set up the network via an external or internal registrar. In this method, the standard requires a PIN to be used during the setup phase. The PIN often is printed somewhere on the wireless router or access point. The vulnerability discovered in WPS makes that PIN highly susceptible to brute force attempts.
via WiFi Protected Setup Flaw Can Lead to Compromise of Router PINs | threatpost.
“I noticed a few really bad design decisions which enable an efficient brute force attack, thus effectively breaking the security of pretty much all WPS-enabled Wi-Fi routers. As all of the more recent router models come with WPS enabled by default, this affects millions of devices worldwide,” Viehbock said in a blog post.
Managed DNS Advanced Feature: Active Failover
Datacenter and/or server failures are no fun for anyone, especially those responsible for website operations. If you’ve protected yourself by using Active Failover — an advanced feature available for DynECT Managed DNS users — your site will remain live and accessible without any of your visitors knowing the difference.
SunRPC beginner tips
RPC is extremely painful and there isn’t too much in the way of beginners’ resources.
via SunRPC beginner tips « ☠ I could not think of a blog title ☠.
Ostiary
If you leave such programs running all the time, you take the risk that someone is going to use an exploit on you before you have a chance to apply a patch. For some purposes, this is an acceptable – even necessary – tradeoff, but it would be nice to enable them only when actually needed, to minimize the risk. And for other purposes, ssh et al. are overkill. Perhaps you only really need to remotely initiate a limited set of operations. In this case, you don’t need a shell prompt, just a way to securely kick off scripts from elsewhere. Enter ‘Ostiary’. It is designed to allow you to run a fixed set of commands remotely, without giving everyone else access to the same commands. It is designed to do exactly and only what is necessary for this, and no more. The only argument given to the command is the IP address of the client, and only if the authentication is successful.
via Ostiary.
Kenton’s Weekend Projects: LAN-party house: Technical design and FAQ
After I posted about my LAN-party optimized house, lots of people have asked for more details about the computer configuration that allows me to maintain all the machines as if they were only one. I also posted the back story to how I ended up with this house, but people don’t really care about me, they want to know how it works! Well, here you go!
via Kenton’s Weekend Projects: LAN-party house: Technical design and FAQ.
IEEE 802.3 Logical Link Control
The IEEE 802.3 standard for Ethernet defines an additional data link layer protocol called the Logical Link Control (LLC) protocol. This operates on top of the MAC protocol defined in the original Ethernet standard (the “Blue Book”).
4.3 Dealing with Static ARP Tables
If the LAN you are sniffing uses static ARP mapping, or retains ARP information for a very long time, normal ARP poisoning will not work because each host ignores any ARP Reply messages you send.
Arp Cache Poisoning and Packet Sniffing
ARP cache poisoning puts the attacker in position to intercept communications between the two computers. Computer A believes it is communicating with Computer B, but because of the poisoned ARP table, the communication actually goes to the attacker’s computer. The attacker can then either respond to Computer A (pretending to be Computer B), or simply forward the packets to their intended destination, but only after the packet information is captured and logged for later use by the attacker. Likewise, the response from Computer B can be captured and logged by the attacker, who has also used ARP poisoning to make Computer B think the attacker’s computer is Computer A. This type of attack is known as a Man in the Middle attack.
via Arp Cache Poisoning and Packet Sniffing – ADMIN | The resource for all system administrators.
Packet injection tool suite
Nemesis is a command-line network packet crafting and injection utility for UNIX-like and Windows systems. Nemesis is well suited for testing Network Intrusion Detection Systems, firewalls, IP stacks and a variety of other tasks. As a command-line driven utility, Nemesis is perfect for automation and scripting.
Nemesis can natively craft and inject ARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP packets. Using the IP and the Ethernet injection modes, almost any custom packet can be crafted and injected.