Re: PARASITIC COMPUTING - WHAT'S NEXT

From: brian.carvalho@verizon.net
Date: 10/23/01 

Date: Mon, 22 Oct 2001 19:28:49 -0700
Subject: Re: PARASITIC COMPUTING - WHAT'S NEXT
From: "brian.carvalho@verizon.net" <brian.carvalho@verizon.net>
To: Bartholomew Simpson <focusyne@yahoo.com>, <focus-ids@securityfocus.com>
Message-ID: <B7FA23F1.4EC%brian.carvalho@verizon.net>

Seems to me that they are just re-inventing the wheel...

Basically what they are telling you is that they can
bypass the TCP checksum and perform their own "computation"
without the target machine knowing. Well, every machine
on the internet already does this all the time, its called
"TCP CHECKSUM!!!"

On the topic of how this "revelation" works:

They state you can send forged packets to a target (a web
server for example) which contains a "computation" and
"possible answers" if an answer is found to be correct then
"computation checksum" is true and the request continues up
the TCP stream, if the possible answer fails, then the
packet is dropped. ...Guess what? That's TCP CHECKSUM,
just a different way of performing it.

On the topic of how this "revelation" can be used for
mass computing:

Surely there is a more efficiant way of performing computations
than to forge tons of TCP header info and deal with tons of
unnecessary traffic and dropped packets due to failed
"answers".

BC

> From: Bartholomew Simpson <focusyne@yahoo.com>
> Date: Mon, 22 Oct 2001 15:12:20 -0700 (PDT)
> To: focus-ids@securityfocus.com
> Subject: PARASITIC COMPUTING - WHAT'S NEXT
>
> Anyone interested in what could be a potential
> security issue in the future, should read this short
> paper.
>
> http://www.nd.edu/~parasite
>
> BS
>
> __________________________________________________
> Do You Yahoo!?
> Make a great connection at Yahoo! Personals.
> http://personals.yahoo.com

Quantcast