DoxPara Research
24-Dec-2002 / Dan Kaminsky Paketto Keiretsu 1.10: Advanced TCP/IP Toolkit

The Paketto Keiretsu is a collection of tools that use new and unusual strategies for manipulating TCP/IP networks. They tap functionality within existing infrastructure and stretch protocols beyond what they were originally intended for. It includes Scanrand, an unusually fast network service and topology discovery system, Minewt, a user space NAT/MAT router, Linkcat, which presents a Ethernet link to stdio, Paratrace, which traces network paths without spawning new connections, and Phentropy, which uses OpenQVIS to render arbitrary amounts of entropy from data sources in three dimensional phase space.

DoxPara Research is proud to announce the latest release of the Paketto Keiretsu, version 1.10. New in this release:

  • OpenBSD Support
  • Solaris (and Big-Endian) Support
  • "Distco" mode to Scanrand, for quickly discovering the distance to an arbitrary host. Fast RSTs don't reset the TTL, so RST TTL / 2 = average distance. We use a barren segment of the TTL range to detect and evaluate TTL reflection.
  • Many, many bug fixes
  • Merry Christmas! Happy Holidays!
More information in the Official Changelog.

With that out of the way...

Paketto uses Tom St. Denis' excellent cryptographic library, Libtomcrypt. Well written and well documented, it's a great package.

New documentation is available, at least in the form of an online presentation I delivered for Umeet 2002. The logs may be found at the Umeet website; they are available in not only English, but Spanish and Dutch. Cool!

Another Translation: Paketto Keiretsu: The Geek->English Better Than Babelfish Edition.

I've also updated my slides; here's what I was showing off at Hivercon. It is important to realize that Paketto does not yet implement all of the techiques I've discovered feasible, nor even that the above slides contains all that I'm scheming. I will say I plan to speak quite a bit in 2003, but that most of the stuff hasn't even been spoken of publically in any form. Whoot.

If you haven't seen Phentropy in action, high quality screenshots of OpenQVIS rendered output may be acquired here. Additionally, the following videos, while not representative of the latest results I've eked from the system, provide some sense of how useful motion is at clarifying the data.

Enjoy!

Access Archives
Mission
DoxPara Research exists as a repository for information security analysis, UI theory, and the miscellaneous writings of its founder, Dan Kaminsky.

Authorship

Writings
ZapMail Redux
RFID Security
The Absentee SIGGRAPH 2002 Review
Deaf and Dumb: A Critique
Speech Vs. Vision
Why Most Albums Suck
Tracing Smart Fridges
Password Rejected
Trinity Redux
Thoughts On Secure Deletion in 2001: Part 1
Thoughts On Secure Deletion in 2001: Part 2
On The Nature Of Data Shredding
Cryptography Doesn't Save Napster, and The War Over Parodies
Passfaces: An Intriguing Way To Authenticate
BugTRAQ-- Re: Security Hole in Win2K's FTP server

Security and Networking
Insecurity By Design: The Unforseen Consequences Of Login Script
TCP Chorusing in the Windows9x TCP/IP Stack
Vectorcast

Editorials
Core Competencies: Why Open Source Is The Optimum Economic Paradigm For Software
Mandatory Registration: Bad Business

User Interface Proposals
Analogous Key Arrays
Cluehunting