DoxPara Research
22-Oct-2002 / Dan "Effugas" Kaminsky Idea
Whew! Running through the prerelease audit, last 24 to 48 hours before I stamp this 1.0 and move onto more interesting things, like 1.1 and 1.2. Just stamped out an ugly but incredibly obscure ICMP parsing bug, and in doing so almost completely removed that annoying Ethernet dependency permeating even my L3 port scanner. Hopefully I'll be able to sneak some NAT2NAT code in under the buzzer, given that it's even more useful and bizarre than Yet Another Port Scanner.

I may just wait until after Paketto comes out, just so I'll have access to a real development environment. Yes folks, my code is finally stranger than my home network, and that's saying something.

But that's not the purpose of this post: Are you an administrator at a large school or company that tracks computer models and MAC addresses en masse, and has for several years? Mail me.

08-Oct-2002 / Dan "Effugas" Kaminsky Paketto Prerelease
Test this. More later. Don't link here...yet :-)

Paketto Keiretsu 0.99 Black Hat Asia Prerelease

From Cyberian City, Singapore's only cybercafe that fails to suck :-)

12-Aug-2002 / Dan "Effugas" Kaminsky Underwater Trailer Park
The natives are getting restless.

Good :-)

Sneak Preview of one of the more straightforward projects. That's off a T1; internal scans would be a wee bit faster ;-)

Of course, if I wanted to stick to the straightforward, Paketto would be out by now. Be patient. I'm working on something...new...wrong...and completely obvious.

Disturbing Elegance, Out On Wednesday(maybe).

04-Aug-2002 / Dan "Effugas" Kaminsky Technical Difficulties
Paketto release has been delayed shortly, due to inclement network conditions at DefCon. Captain Obvious has no comment at this time.
01-Aug-2002 / Dan "Effugas" Kaminsky Domo Arigato, Mr. Paketto
On networks, as in most things, there is that which is possible, and there is that which is impossible. There is a line between the two, built on assumptions, thoughts, and precious few truths.

It's reasonable to argue that the definition of progress is in moving that line...by whatever cracked-out means happen to be available, as the case may be. Recently, I wrote significant portions of a book: Hack Proofing Your Network: Second Edition, from Syngress Press. Beyond finally documenting the massive hackery I've always been known to pull with OpenSSH, Syngress gave me the opportunity to research useful implications of spoofing techniques.

The result: On Saturday, August 3rd, 2002, I am delivering the following talk at Defcon X, in Las Vegas:

Black Ops of TCP/IP: Work NAT, Work. Good NAT. Woof

Communication under TCP/IP networks has become extraordinarily popular; still, there remain significant problems that have as yet gone unsolved within its layered rules. So, let's break the rules, elegance (and possibly security) be damned. Significant new techniques and code will be unveiled to answer the following questions:

A) Instant Portscan
  • Is it possible to discover instantaneously what network services have been made available, even on massive networks?
B) Guerrilla Multicast
  • Is it possible to send a single packet to multiple recipients, using today's multicast-free Internet?
C) "NATless NAT"
  • Is it possible to share a globally addressable IP address without translating private IP ranges a la NAT?
  • Is it possible to allow incoming connections to an IP multiplexed in this manner?
D) NAT Deadlock Resolution
  • Is it possible to establish a TCP connection between two hosts, both behind NATs?

Various interesting uses of these new packet-level primitives should be discussed, and OpenSSH will be trotted out as the method of bringing some degree of security unto the resulting chaos.
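Question A asks for an instant scan of massive networks; the abstract does not say how. The example below is added here and is not Paketto's code: it shows the stateless bookkeeping that makes such a scan possible, where each probe's TCP initial sequence number is a keyed hash of the target, so that a SYN/ACK or RST coming back can be validated and attributed from the reply alone, with no table of outstanding probes. The key, scanner port and target addresses are constructed for the example, and the packet send/receive side (raw sockets) is left out.

```python
"""Stateless ("inverse SYN cookie") port-scan bookkeeping. Added example,
not Paketto code.

A SYN sent to dst_ip:dst_port from src_port carries ISN = trunc32(HMAC(key,
dst_ip || dst_port || src_port)). A SYN/ACK (open) or RST/ACK (closed) that
answers it acknowledges ISN + 1, so the scanner can check the cookie on every
inbound segment instead of remembering what it sent.
"""
import hashlib
import hmac
import ipaddress
import struct

FLAG_SYN = 0x02
FLAG_RST = 0x04
FLAG_ACK = 0x10

SCAN_KEY = b"per-scan secret, rotate each run"  # constructed for the example
SCANNER_PORT = 40000                             # constructed source port


def probe_isn(key: bytes, dst_ip: str, dst_port: int, src_port: int) -> int:
    """Sequence number to put in the SYN aimed at dst_ip:dst_port from src_port."""
    target = struct.pack("!4sHH", ipaddress.IPv4Address(dst_ip).packed, dst_port, src_port)
    digest = hmac.new(key, target, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]


def expected_ack(key: bytes, host: str, port: int, src_port: int) -> int:
    """Acknowledgement number a genuine reply to our probe must carry (ISN + 1 mod 2^32)."""
    return (probe_isn(key, host, port, src_port) + 1) & 0xFFFFFFFF


def classify_reply(key: bytes, reply: dict) -> str:
    """Classify an inbound segment addressed to the scanner.

    reply keys: src_ip/src_port (the scanned host and port), dst_port (our port),
    flags, ack. Returns "open", "closed" or "spoofed" (cookie mismatch, i.e.
    unsolicited or forged traffic; a forger has a 2^-32 chance per packet).
    """
    want = expected_ack(key, reply["src_ip"], reply["src_port"], reply["dst_port"])
    if not (reply["flags"] & FLAG_ACK) or reply["ack"] != want:
        return "spoofed"
    if reply["flags"] & FLAG_SYN:
        return "open"
    if reply["flags"] & FLAG_RST:
        return "closed"
    return "spoofed"


def _reply(host: str, port: int, flags: int, ack: int) -> dict:
    """Build a constructed inbound segment (only the fields the check needs)."""
    return {"src_ip": host, "src_port": port, "dst_port": SCANNER_PORT, "flags": flags, "ack": ack}


def demo() -> dict:
    """Constructed replies to a scan of two hosts; returns {(host, port): verdict}."""
    ok = lambda h, p: expected_ack(SCAN_KEY, h, p, SCANNER_PORT)
    replies = [
        _reply("192.0.2.10", 22, FLAG_SYN | FLAG_ACK, ok("192.0.2.10", 22)),      # SYN/ACK: open
        _reply("192.0.2.10", 23, FLAG_RST | FLAG_ACK, ok("192.0.2.10", 23)),      # RST/ACK: closed
        _reply("192.0.2.11", 80, FLAG_SYN | FLAG_ACK, ok("192.0.2.11", 80)),      # SYN/ACK: open
        _reply("192.0.2.99", 22, FLAG_SYN | FLAG_ACK, ok("192.0.2.99", 22) ^ 1),  # one bit off: forged
    ]
    return {(r["src_ip"], r["src_port"]): classify_reply(SCAN_KEY, r) for r in replies}


if __name__ == "__main__":
    for target, verdict in sorted(demo().items()):
        print(f"{target[0]}:{target[1]} {verdict}")
```

Because nothing is stored per probe, the sending side can emit SYNs as fast as the link allows and the receiving side can run on a different host entirely; the key is the only state the two halves share.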

    This talk (actually, an extended variant of it) was just delivered at the Black Hat Briefings USA 2002. In response to many requests for the actual code used to answer those questions (hint: the answer, in every case, is yes)...

    I hereby announce the impending release of the Paketto Keiretsu, a flotilla of interesting tools and cross-linked techniques for achieving new and useful functionality from existing IPv4 networks. Public release will take place August 3rd, at 6PM, during the Defcon talk.

    Slides will be made available immediately as well, along with papers. What, you want details? Come to Black Hat next time :-)

    15-Mar-2002 / Dan "Effugas" Kaminsky Resequencing
    The silence is almost over, the code is almost ready, and things are about to get interesting.

    Time to play.

    05-Aug-2001 / Dan "Effugas" Kaminsky Most Depressing Packet Trace...Ever.
    There I was, minding my own business, just trying to set up a PPTP VPN (is that a contradiction?) connection, when:
    08-05-2001 18:46:16.59 - PPP : Received Control Packet of length: 33
    08-05-2001 18:46:16.59 - Data 0000: c2 23 04 01 00 1f 49 20 | .#...I 
    08-05-2001 18:46:16.59 - Data 0008: 64 6f 6e 27 74 20 6c 69 | don't li
    08-05-2001 18:46:16.59 - Data 0010: 6b 65 20 79 6f 75 2e 20 | ke you. 
    08-05-2001 18:46:16.59 - Data 0018: 20 47 6f 20 27 77 61 79 |  Go 'way
    08-05-2001 18:46:16.59 - Data 0020: 2e 00 00 00 00 00 00 00 | ........
    08-05-2001 18:46:16.59 - CHAP : Login failed: username, password, or domain was incorrect.
    
    Once again, SLiRP ("the S stands for Style") reaffirms its badassness. Some things never change.
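As an added example (not part of the original post), here is a small parser that reassembles the bytes from the trace's Data lines and decodes them as a PPP CHAP packet per RFC 1994: PPP protocol 0xC223, CHAP code 4 (Failure), identifier 1, length 31, then the server's free-text Message. The trace lines are copied from the post; nothing else on the page is assumed. The dump shows 40 bytes while the log reports a 33-byte packet because the logger pads its rows to eight bytes, so the parser trusts the CHAP length field and ignores the trailing zeros.

```python
"""Decode the PPP control packet from the trace above (added example)."""
import re

# Constructed input: the "Data" lines copied verbatim from the trace.
TRACE_LINES = [
    "08-05-2001 18:46:16.59 - Data 0000: c2 23 04 01 00 1f 49 20 | .#...I ",
    "08-05-2001 18:46:16.59 - Data 0008: 64 6f 6e 27 74 20 6c 69 | don't li",
    "08-05-2001 18:46:16.59 - Data 0010: 6b 65 20 79 6f 75 2e 20 | ke you. ",
    "08-05-2001 18:46:16.59 - Data 0018: 20 47 6f 20 27 77 61 79 |  Go 'way",
    "08-05-2001 18:46:16.59 - Data 0020: 2e 00 00 00 00 00 00 00 | ........",
]

PPP_PROTO_CHAP = 0xC223
CHAP_CODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}
_DATA_RE = re.compile(r"Data [0-9a-fA-F]{4}: ([0-9a-fA-F ]+)\|")


def hexdump_to_bytes(lines) -> bytes:
    """Reassemble the hex columns of a logger dump into raw packet bytes."""
    raw = bytearray()
    for line in lines:
        m = _DATA_RE.search(line)
        if m:
            raw += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(raw)


def parse_ppp_chap(pkt: bytes) -> dict:
    """Parse a PPP frame carrying CHAP (RFC 1994); raises ValueError when malformed."""
    if len(pkt) < 6:
        raise ValueError("too short for PPP protocol field plus CHAP header")
    proto = int.from_bytes(pkt[0:2], "big")
    if proto != PPP_PROTO_CHAP:
        raise ValueError(f"not CHAP: PPP protocol 0x{proto:04x}")
    code, ident = pkt[2], pkt[3]
    length = int.from_bytes(pkt[4:6], "big")
    # Length covers code, identifier, length and data, but not the 2-byte protocol.
    if length < 4 or 2 + length > len(pkt):
        raise ValueError(f"CHAP length {length} inconsistent with {len(pkt)} bytes present")
    data = pkt[6:2 + length]  # anything past this is padding from the dump
    info = {"code": CHAP_CODES.get(code, f"unknown({code})"), "id": ident, "length": length}
    if code in (1, 2):
        # Challenge/Response: Value-Size, Value, Name
        if not data or 1 + data[0] > len(data):
            raise ValueError("Value-Size exceeds packet data")
        info["value"] = data[1:1 + data[0]]
        info["name"] = data[1 + data[0]:].decode("ascii", "replace")
    else:
        # Success/Failure: free-text Message, which is what the server sent here
        info["message"] = data.decode("ascii", "replace")
    return info


if __name__ == "__main__":
    print(parse_ppp_chap(hexdump_to_bytes(TRACE_LINES)))
```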
    12-Jul-2001 / Dan "Effugas" Kaminsky Always Bet On Black (Hat)
    The Black Hat Briefings in Vegas for 2001 are almost over, and it's been one hell of a time. This is the first year that I've presented (summary: OpenSSH taken way too far *laugh*), and despite some small technical difficulties, it went well--thanks to DT for giving me the opportunity! I'm finally becoming somewhat of a coder, as slow and painful an experience as it is (but then, I was trying to do flexible string parsing in C, not something trivial like embedding a SOCKS4 server in the OpenSSH client...). About bloody time doesn't begin to cover it. (Kids--there's nobody more ignored than an armchair hacker. Remember that.)

    As promised, I'm making the slides available -- they should be converted to HTML "soon"; I've discovered that PowerPoint is alas yet another roach motel of a file format. *sigh* If you missed the talk, hitch a plane to Vegas because it's happening again on Sunday--though considering it's the morning after everyone's last night in Vegas, I expect about three sober people in the audience.

    I'll be making a reasonably major release at Defcon--the proof of concept is done, but I want to port it to a few different platforms and write up an analysis of the attack. In the meantime, enjoy:

    1. Gateway Cryptography: Hacking Impossible Tunnels through Improbable Networks with OpenSSH et al.

    Incidentally--anyone who does anything without crypto at Defcon is flat out screwed.

    In other news--I've been walking around on a pair of wheeled shoes. Damn they're slick; I just wish I wasn't still limping from that unfortunate incident with the whiteboard.

    Don't ask.

    05-Jun-2001 / Dan "Effugas" Kaminsky Meow
    04-Jun-2001 / Dan "Effugas" Kaminsky Feeling Used
    Now, I do want to say that systems like TellMe Networks, and VoiceXML itself are actually quite cool, if a slight bit non-obvious how to program. TellMe's systems actually incorporate non-trivial amounts of speech recognition technology, which from what I can tell works on occasion.

    But.

    Sometimes I want to talk to a travel agent. Sometimes I want to fill in a few web forms. But let me tell you, I'm not optimistic about the future of talking to a web form*.
    Some analysis to chew on:
    1. Speech Vs. Vision: A quick summary of my information transfer theory.
    2. Deaf and Dumb: A Critique. An application of the previous document to the standard Telephone Registration Systems at many colleges and universities. Send me feedback.
    Incidentally: Would someone *please* create a trivial HTML->VoiceXML translator? I can't wrap my brain around using a document format for a procedural language just quite yet.
    21-Apr-2001 / Dan "Effugas" Kaminsky Chemotherapy
    It's been a while--too long. Following with my standard practices of:
    1. Living a life as annoyingly unpredictable as possible
    2. Doing anything not to go to sleep
    3. Eventually injecting personal information into some manner of technical tour-de-"force" that was once going to remain pure
    4. Cross-pollinating information and argumentation from as many directions as possible.
    ...I've decided to be a bit more open on DoxPara Research(TM)(C)(R)(whatever).

    I think the theme of the moment is Chemotherapy. Chemo is generally the standard treatment path taken for cancer patients, and effectively involves ingesting poisons that (hopefully) harm tumors more than healthy tissue. For all the power of modern medicine, one can easily imagine many traditional healing mechanisms operating in a similar manner.

    I think of Chemo for several reasons. Years ago, in high school, our principal gained some notoriety for accusing the class below us of being "the cancer of this school". Myself, my friends, my roommates, we've all experienced the artificially enhanced growth of technology, benefited from it, grown from it...but one wonders whether our growth was hijacked--or even forged--from the fires of greed, fraud, and simple opportunism.

    There are no conspiracies, merely business plans.

    It is undoubtable that some consider us a cancer; the ease of mass publication, though clearly overstated by many and surprisingly dependent upon the donations (*cough* investments and advertisements) of a few, has had undeniable effects--effects that are probably being used to justify the further agglomeration of media power.

    And yet, once again, chemicals exist to handle such paranoia well...

    We spend billions every year on depressants...and billions every year on antidepressants. Just as long as we continue spending billions every year, the system works.

    BioTech: Kinda like tech, only with vast, cavernous pits of capital contributed by every major and minor company, individual, and government agency by mass mandate. Unlike Tech, people can't be rebooted.

    I must sleep. I will have to discuss my luminescent chemical adventures at another date. I will however suggest the following two experiences for the brave(/bored/searching/seeking intrigue):

    1. Memento. There is a simple concept: You are who you remember yourself to be. What happens when memory goes? This dislinear film--it begins with the movie's logical conclusion, and ends with its chronological initiation--is not to be missed, and ironically enough--cannot be forgotten.
    2. The Longest Journey. This PC game isn't new(it came out almost a year ago). It's of a surprisingly "ancient" genre("the point and click adventure game"). I'm not even done with it. But it's amazingly intricate, surprisingly polished, and...hilarious at times. (Never mess with the Fair Use Bureau. They're authorized to use Deadly Force.)

    I won't normally have updates this vast. But it's my playground, so they're my rules to break.

    13-Mar-2001 / Dan "Effugas" Kaminsky No Accounting For Taste ;-)
    Visitors from my ever-so-illustrious Accounting One class... Version 0.1 of Accounting Notes. Everyone else...I've got some pretty interesting plans for creating one of the first environments for massively distributed, universally accessible, true cooperative learning. Got ideas? Want more info? Want to help? Mail me.

    Never underestimate the power of thirty people studying the same thing at the same time.

    (More on this below)

    01-Mar-2001 / Dan "Effugas" Kaminsky Reality Check Bouncing
    "It's so crazy, it just might work."

    OK, sure, it might not. But at the end of the day, you're at least left with a hell of a story to tell. Perhaps that's the point-- To know yourself by the stories that you forge...and if there's one thing we've learned from Reality TV, it's that the more ridiculous the true story...the more fun it is to laugh about later.

    Some recent writings:

    • Why Most Albums Suck. P.T. Barnum's great-great-great-grandcustomer shows up in my email box. I say Hi.
    • Tracing Smart Fridges. It's hard to name a more laughable concept than intelligent refrigerators. So why is there such a push for them? History.
    • Password Rejected: A Crypto Perspective. My attempt at explaining how passwords actually work, in response to a painfully wrong complaint about their misuse.
    23-Feb-2001 / Dan "Effugas" Kaminsky Calm Before The Storm
    Question: What do you get when you combine:
    1. Millions of students addicted to Napster
    2. Millions of soon-to-be-college-freshmen itching to join the high speed P2P revolution--and bitter that they missed so much of it.
    3. Advanced technology to allow decentralized search and retrieval of arbitrary information
    4. Easy to use collaborative environments for building web sites
    5. A dearth of available and highly skilled notetakers for college classes, combined with third party resellers becoming the only source of such notes
    6. A near-complete lack of well-summarized study material to accompany textbooks
    7. Extraordinary textbook costs
    8. Fair Use
    9. Work that's going to be done anyway...quarter, after quarter, after quarter...that seems to evaporate entirely.
    10. Information Wants To Be Free
    11. Information Wants To Live Forever
    Teachster. It's coming. More on this later.
    20-Feb-2001 / Dan "Effugas" Kaminsky Connection
    19-Feb-2001 / Dan "Effugas" Kaminsky There's Content In Them Thar Hills
    Given the amount of press that Ye Olde Napster seems to dredge up for its sins, one would think more attention might be paid to how hyperactively reshared mass media has become. There are still authoritative sources of high quality news, but more and more I'm realizing that the "online experience" of that news might actually be less fulfilling than the "dead tree product".

    After all, it may be a pain to dispose of the newspaper, but:

    1. It can't be ignored (or more accurately, ignore it for a few days and it piles up, reminding you of your own wastefulness).
    2. It can't be unpublished, and it *will* be archived.
    3. It's much easier on your eyes(if not your arms), meaning you read more.
    4. There's an actual profit model. (sigh)

    That being said, there are some truly unique things that the net really does enable. Usually, the more domain specific a given piece of work is, the harder it is to acquire (since the generalized stores won't waste space on what appeals to very few). The net alleviates that, but suffers a different problem: due to the lack of a profit model, after a certain point, it's all too easy for a site to simply not scale to large amounts of traffic and to have no way of improving scalability. This was the problem the absolutely incredible ZZZ Online faced, after being temporarily (but repeatedly) raised from a slightly obscure but technically unparalleled journal of upcoming technologies to a "geek mass market" Slashdot destination. They lost their provider as a result of the crushing load--an embarrassment of riches, if anyone was actually getting rich!

    Honestly, there's a decent question of whether traditional unicast methodologies (even when multiplied by highly distributed middlemen) actually can or should be made to scale to broadcast-sized audiences. P2P will inevitably be sold to the few remaining VCs with money to burn as the solution to these problems, and indeed leveraging network locality of one's clients while maintaining stream integrity is very likely to be an effective strategy...at least until high speed upload at the client side becomes buried by provider centralization and possibly legal challenges (i.e. "why would anyone want to send data that they didn't steal from us?").

    In the end, it's going to be Yet Another Battle, with the "Consumer Movement" probably winning more converts from the "Napster Constituency" than they ever imagined.

    19-Feb-2001 / Dan "Effugas" Kaminsky How Can I Miss You If You Won't Go Away?
    Today's imports from my Illustrious Past(TM) center around the surprisingly difficult process of file deletion. While much more difficult than "computer whizzes on teevee" make it seem, there are quite a few things that make deletion of data extraordinarily difficult--and this is before "owner distrust" systems start getting deployed en masse.

    Yes folks, it's hard enough to delete something even when your hardware is not actively conspiring against you.

    1. Thoughts On Secure Deletion in 2001: Part One and Part Two.
    2. On The Nature Of Data Shredding: A possible implementation strategy for a reasonably effective data shredder is mentioned.
    17-Feb-2001 / Dan "Effugas" Kaminsky Frustration
    One of the classic rules of information security is as follows:

    Bad security is worse than no security. With bad security, you think you're safe. With no security, you know you're not--and act accordingly.

    What's interesting is how much this applies to user interface concerns as well. Occasionally, Windows will simply fail to execute simple copy-and-paste correctly. It's not so common that it prevents me from using it entirely (which, incidentally, is a horribly damaging attack against an IT infrastructure--break things so often that people refuse to trust and receive value from *anything* out of IT), but it's not so rare that I can ignore it as a random bug. It's essentially stuck in that middle ground, where I have to accept and suffer through it, all the while experiencing much more frustration than if I just consistently retyped the text myself.

    This is not just idle chatter. More and more, I'm realizing the effects of user frustration are a key tool in understanding everything from cryptographic deployment (Sporadic SSL vs. Universal IPSec) to Desktop UIs to the farce of "Secure" Digital Music that breaks on a whim.

    More on this another time.

    12-Feb-2001 / Dan "Effugas" Kaminsky And So It Begins...
    Napster is under pretty serious attack by the 9th Circuit, but is apparently only being held liable for its directory--they refuse to force Napster to examine actual content. The most interesting response comes from the Consumer Electronics Association, which essentially makes its money by adding features Hollywood didn't realize they could charge for.

    I've got more to say on all that, but for now, I'm just putting up three documents:

    1. Cryptography Doesn't Save Napster, and the War Over Parodies. A post to Jim Griffin's Pho list that semi-repudiates a consistent urban legend about the power of crypto--and asks the question: What if the only Britney Spears song you could find on Napster was of her singing about silicone implants? Would it matter?
    2. Passfaces: An Intriguing Way To Authenticate. I'm actually impressed. I started writing a pretty extensive rebuttal to this technology, only to find out it actually worked pretty well! Amazing when people actually test their technology before deploying it!
    3. BugTRAQ-- Re: Security hole in Win2K's FTP server. What makes a security hole a security hole? An older post which attempts to analyze this question.
    12-Feb-2001 / Dan "Effugas" Kaminsky Fission HOWTO
    Mental note: Never, ever, design a website in a proprietary development environment again. I finally grok the genuine clue behind XML: EXPLICIT STATE. No more "oh, that's that way because it's the 839th bit with two NULLs before it." No more "it's that way because the operation eighty cycles ago was a NOP." Forget eXtensible, or eXtreme, or whatever. XML is explicit, headache free state management.

    Why do I say all this? Because I'm presently going through some ridiculous hacks to extract the structure out of data formatted by NetObjects Fusion. So far, the best method seems to be:

    • Use lynx -dump -nolist to create a reasonably legible text version of my documents. It's not as utterly beautiful as links, which has suffered for no other reason than it's homonymous with lynx, but it's got a dump mode which I haven't hacked into links yet.
    • Use txt2html to intelligently extract the structure that lynx found from the original "fused" document into reasonably simple HTML.
    • If necessary, use html2txt to convert back into text, and use the RAW mode David gave me to automatically emit a paragraph tag any time two carriage returns are detected in sequence.
    • Manually add the various images, boldfaces, italicizations, and preformatting tags as needed.

    This is of course, as they say in the industry, a ridiculous hack that barely has enough elegance to be mentioned in public, but it works. And in the end...that's more than some people can say(sigh).

    11-Feb-2001 / Dan "Effugas" Kaminsky DoxPara Research Relaunched!
    After an extended hiatus, I'm finally taking the effort to update the DoxPara Research website. Since last update, I've become much more focused on issues surrounding cryptography, information security, and much more. I'm in the process of migrating content into this new infrastructure; archives of my public writings should be available shortly.

    I of course have to thank my housemate, the inimitable David Weekly. Beyond managing to be one hell of a hacker, MP3 Guru, and overall most-connected-geek-on-the-planet (trust me), David has singlehandedly revived doxpara.com through the wonders of PHP.

    Some further information about what I've been up to: I work at Cisco Systems nowadays; it's a fascinating and very supportive environment to say the least. I was published in Ryan Russell's "Hack Proofing Your Network: Internet Tradecraft", where I wrote extensively on the theory and structure of Identity Spoofing attacks. If all goes well, I'll be speaking at SANS 2001 about ridiculously cool ways to use OpenSSH. Past that...well, I'll update the site as it happens.
    Mission
    DoxPara Research exists as a repository for information security analysis, UI theory, and the miscellaneous writings of its founder, Dan Kaminsky.

    Writings
    ZapMail Redux
    RFID Security
    The Absentee SIGGRAPH 2002 Review
    Deaf and Dumb: A Critique
    Speech Vs. Vision
    Why Most Albums Suck
    Tracing Smart Fridges
    Password Rejected
    Trinity Redux
    Thoughts On Secure Deletion in 2001: Part 1
    Thoughts On Secure Deletion in 2001: Part 2
    On The Nature Of Data Shredding
    Cryptography Doesn't Save Napster, and The War Over Parodies
    Passfaces: An Intriguing Way To Authenticate
    BugTRAQ-- Re: Security Hole in Win2K's FTP server

    Security and Networking
    Insecurity By Design: The Unforeseen Consequences Of Login Script
    TCP Chorusing in the Windows9x TCP/IP Stack
    Vectorcast

    Editorials
    Core Competencies: Why Open Source Is The Optimum Economic Paradigm For Software
    Mandatory Registration: Bad Business

    User Interface Proposals
    Analogous Key Arrays
    Cluehunting