PaulDotCom Security Weekly - Episode 18 - March 9, 2006
Live from the PaulDotCom Security Weekly Studio....
UPDATE: Video version has been added. NEW RULE: No more beer drinking during PaulDotCom Security Weekly TV. No really, I'm serious this time!
- Sponsored by Core Security, listen for the discount code at the end of the show
- Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
- Please go update our frapper map!
- It's not Twitchy's birthday this week
- Smurf attacks are not so sweet
- Our first audio comment!
- Here are some good Bluetooth Links, Thanks Christian!
- Hacking into voice mail, using good voice mail passwords
- Please leave us feedback in the iTunes Store!
- Detecting botnets from Sana Security, anyone using this product?
- Full Show Notes
Don't forget to check out Larry's blog, HaxorTheMatrix.com, for coverage of the latest security and hacking news.
Hosts: Larry Pesce, Paul Asadoorian, "Twitchy"
Email: psw@pauldotcom.com
Direct Audio Download
Direct Video Download





Comments
According to http://www.ietf.org/rfc/rfc3514.txt the high-order bit of the IP fragment offset field should be set to 1 when the packet has evil intent.
Google was my friend - http://www.google.co.uk/search?q=evil+packet++bit
Posted by: Jon Barber | March 10, 2006 11:07 AM
In case above cannot be contacted...
"...high-order bit of the IP fragment offset field...
Currently-assigned values are defined as follows:
0x0 If the bit is set to 0, the packet has no evil intent. Hosts,
network elements, etc., SHOULD assume that the packet is
harmless, and SHOULD NOT take any defensive measures. (We note
that this part of the spec is already implemented by many common
desktop operating systems.)
0x1 If the bit is set to 1, the packet has evil intent. Secure
systems SHOULD try to defend themselves against such packets.
Insecure systems MAY chose to crash, be penetrated, etc."
http://www.ipa.go.jp/security/rfc/RFC3514EN.html
http://www.ietf.org/rfc/rfc3514.txt
http://archives.neohapsis.com/archives/ntbugtraq/2003-q2/0001.html
Posted by: Brakk | March 10, 2006 06:48 PM
Quote from rfc3514:
"If the bit is set to 1, the packet has evil intent. Secure systems SHOULD try to defend themselves against such packets. Insecure systems MAY chose to crash, be penetrated, etc."
Posted by: dawizard | March 11, 2006 06:10 AM
From RFC 3514
If the bit is set to 1, the packet has evil intent. Secure
systems SHOULD try to defend themselves against such packets.
Insecure systems MAY chose to crash, be penetrated, etc.
http://www.ietf.org/rfc/rfc3514.txt
Posted by: Perry | March 13, 2006 12:51 AM
Hi there,
About Bluetooth. You can actually sniff traffic from a cell phone to a hands-free Bluetooth headset.
Also, there are cars out there that have Bluetooth built in so you can speak and keep your hands on the wheel. So you can easily sniff conversations from the Bluetooth device.
You can check those links:
http://trifinite.org/trifinite_stuff_carwhisperer.html
http://www.digitalmunition.com/carwhisper-realtime.tar
Have a good day,
David
Posted by: David Belle-Isle | March 13, 2006 08:43 AM