Stealth Computing Abuses TCP Checksums

georgemw at speakeasy.net georgemw at speakeasy.net
Sun Sep 2 10:46:57 PDT 2001


On 2 Sep 2001, at 9:37, Tim May wrote:


> > Since I haven't noticed anyone else point this out (apologies for
> > my redundancy if I just somehow missed it),  it's worth mentioning
> > that the original result was more of a "gee whiz,  it's interesting we
> > can do this in principle" type of thing than an actual threat of
> > something anybody would ever actually do. Yes, you can trick a
> > remote host into performing calculations for you with a specially
> > prepared message, but it requires a hell of a lot more effort to
> > prepare the message than it would to perform the calculation
> > yourself.
> 
> 
> Why would you think this is always so?
> 

Gut hunch.

> It would not take much effort to arrange a computation that consumed a 
> lot of CPU cycles and returned a result, once one has gotten access to a 
> remote machine. The case of the corporate employee using machines he 
> could access to compute a screensaver/P2P job for a possible winning 
> payoff comes to mind. Granted, he may have had permissions to access 
> these machines, but the general point is that someone who got past these 
> permissions could have done the same compute-intensive thing.
> 

I was referring to the specific type of exploit where the
"parasite" is abusing the TCP checksum. I suspect the
same result is likely to hold with attempts to exploit
other protocols.

Obviously, if an attacker "owns" your machine, that's a
completely different kettle of fish.


> I see no reason to believe that "it requires a hell of a lot more effort
> to prepare the message than it would to perform the calculation
> yourself."
> 
> Sometimes it does, sometimes it doesn't.
> 
> 

Right, and I suspect I have a fair idea which is which.  If you can
get a remote host to execute arbitrary code, with loops and 
branches, or to evaluate complicated functions, then it may be
worth your while to do it.  If all you can do is get it to add up a list of
numbers, then it's almost certainly going to be easier to just do
the addition yourself. If there's also a bunch of extra effort required 
to turn an abstract problem into a series of addition problems,
the advantage of solving the problem yourself (without this 
intermediate step) is even greater.

George 


> --Tim May
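
The "add up a list of numbers" point above, as an added example that is not part of the original thread: the Internet checksum (RFC 1071) that TCP uses is a 16-bit one's-complement sum, so a receiver validating a segment does one addition per 16-bit word, and the sender does the same number of additions just to build a segment that will pass. The segment layout here (a checksum word followed by the payload, no pseudo-header) and the function names are simplifying assumptions.

```python
# Added illustration, not code from the thread.
# Assumed layout: [2-byte checksum][payload]; real TCP also covers a
# pseudo-header and keeps the checksum at a fixed header offset.

def ones_complement_sum(data: bytes) -> tuple[int, int]:
    """Return (16-bit one's-complement sum, count of 16-bit additions)."""
    if len(data) % 2:
        data += b"\x00"                  # RFC 1071: pad odd length with zero
    total = 0
    additions = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
        additions += 1
    return total, additions


def build_segment(payload: bytes) -> tuple[bytes, int]:
    """Sender side: compute the checksum with the field zeroed, then fill it in."""
    total, additions = ones_complement_sum(b"\x00\x00" + payload)
    checksum = (~total) & 0xFFFF
    return checksum.to_bytes(2, "big") + payload, additions


def receiver_accepts(segment: bytes) -> tuple[bool, int]:
    """Receiver side: sum every word, checksum included; 0xFFFF means valid."""
    total, additions = ones_complement_sum(segment)
    return total == 0xFFFF, additions


if __name__ == "__main__":
    payload = b"constructed sample payload"      # constructed sample input
    segment, sender_adds = build_segment(payload)
    ok, receiver_adds = receiver_accepts(segment)
    print(f"accepted={ok} sender_adds={sender_adds} receiver_adds={receiver_adds}")

    # A single flipped bit changes the sum, so the receiver drops the segment.
    corrupted = segment[:-1] + bytes([segment[-1] ^ 0x01])
    print(f"corrupted accepted={receiver_accepts(corrupted)[0]}")
```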




