From: 'ken'FTU
Date: Mon Oct 22 2001 - 19:07:06 CDT


    The process occurs at the TCP level, ultimately. When the server
    validates the TCP checksum, it also validates whether or not the data in
    that packet contains a correct solution to the NP-complete
    satisfiability problem. If the server replies, then that means it is a
    valid solution. If the machine outputting the packets to be validated
    either does not receive a reply (timeout) or receives a message that the
    checksum is not correct, that packet does not contain a valid solution.
    More specifically: Instead of taking your data and computing the
    checksum, one computes what the checksum to the answer should be and
    then inserts the data that needs to be tested. This basically makes TCP
    a data validator.

    The exploit occurs because I use your TCP/IP stack and CPU to validate
    checksums. Although you give me permission to use your TCP/IP stack for
    your service (HTTP or FTP) you do not give me permission to do my
    NP-complete calculations. So basically, I use your processor without
    your permission.

    If this is incorrect, please feel free to correct me.

    'ken'

    Kurt Seifried wrote:

    > This raises some interesting questions. If you connect to my server, can I
    > simply send back a disclaimer of some sort and then ask you to process
    > stuff? I.e. at what level? "By accessing this website you agree to download a
    > java application that will run Seti home (to name one possible example)". A
    > reply ICMP ping packet containing the text followed by packets that require
    > the processing? What if you initiate a connection to me but because of
    > something I did, like I visit your website which results in your webserver
    > looking up in-addr.arpa info on my IP?
    >
    > I think it ultimately doesn't matter much, like many things people will
    > simply do it, and damn the consequences. Thus the onus (unfortunately) falls
    > onto the end user, much like anti-virus software, personal firewalls,
    > keeping software up to date, etc to protect themselves (remember napster? my
    > ISP sent out email to the effect of "this is a warning, turn off napster if
    > you are not using it, otherwise we will cheerfully send you a large bill
    > when you blow your upload limit away." A lot of people were still surprised
    > and unhappy.). Even if it is a crime that won't stop people from doing it,
    > and unless large amounts of provable damage are done you won't get law
    > enforcement very interested anytime soon.
    > enforcement very interested anytime soon.
    >
    > Kurt Seifried, kurtseifried.org
    > A15B BEE5 B391 B9AD B0EF
    > AEB0 AD63 0B4E AD56 E574
    > http://www.seifried.org/security/
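
An offline model of the receiver-side check described in the message above, added here as an illustration and not code from the original post. It shows what the receiving stack computes per segment and that the test is only a 16-bit ones' complement sum, so it cannot tell apart payloads whose words add up to the same value. Function names and sample payloads are constructed; the model covers the payload only, whereas the real TCP checksum also covers the pseudo-header and TCP header.

```python
import struct


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 16-bit ones' complement sum (odd lengths are zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # end-around carry
    return total


def checksum_for(data: bytes) -> int:
    """Checksum field a sender would normally compute over this data."""
    return ~ones_complement_sum(data) & 0xFFFF


def receiver_accepts(data: bytes, checksum_field: int) -> bool:
    """Receiver test: data words plus checksum field must fold to 0xFFFF."""
    total = ones_complement_sum(data) + checksum_field
    total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def accepted_candidates(checksum_field: int, candidates: list[bytes]) -> list[bytes]:
    """Model of the message's idea: the checksum is fixed in advance from the
    expected answer, and each candidate payload is checked against it."""
    return [c for c in candidates if receiver_accepts(c, checksum_field)]


# Constructed sample data (not from the original post).
EXPECTED = b"\x00\x01\x00\x02"           # payload standing in for a correct answer
FIXED_CHECKSUM = checksum_for(EXPECTED)  # precomputed once, reused for every candidate
CANDIDATES = [
    b"\x00\x01\x00\x01",  # wrong word sum: dropped as a bad checksum
    b"\x00\x01\x00\x02",  # matches the expected answer: accepted
    b"\x00\x02\x00\x01",  # different payload, same word sum: also accepted
]

if __name__ == "__main__":
    for payload in accepted_candidates(FIXED_CHECKSUM, CANDIDATES):
        print("accepted:", payload.hex())
```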