Vulnerability Development mailing list archives
Re: Kill the DOG and win 100 000 DM
From: "Jeffrey W. Thompson" <thompson () ARGUS-SYSTEMS COM>
Date: Tue, 14 Nov 2000 12:50:34 -0600
Link, To answer your question in regards to labels travelling across the network. On the hacking system the label does in fact travel over internal connections (we disabled this feature for external connections). This label is taken by inetd and used to set a level up before in.telnetd is launched. It is possible for in.telnetd to find out what this label is, but in.telnetd has nothing to do with setting it up. If we did allow for external labels on packets, then it is possible for an external host to spoof its network label. However, this label must fall into the ranger as specified by the network rules. So if the network rules only allowed one label into port 23, then spoofing a label would buy you nothing. Otherwise, it can be useful. This is why we disabled labels over the wire. We also recommend to our customers that they do not use this feature unless they trust their network (either implicitly or via some VPNish type things). Did that make sense? Cheers, Jeff Jeff Thompson Software Evangelist and Visionary Argus Systems Group, Inc. Lincoln Yeoh wrote:
At 10:19 AM 11/10/00 -0600, Jeffrey W. Thompson wrote:Link, First off, cool nickname! :) I had a friend in college who went by Linky.Thanks. Some friends actually do call me Linky sometimes.I just looked at the rules page, and it looks like they were just going to give out one account. I can't say too much about this as I wasn'tinvolved inthe formation of this contest.That's ok. I think the rules were changed a bit, not sure when, could have been before the contest was actually launched. But anyway I just poked around a bit.In regards to your question about telnet'ing in from localhost, this will not work. The reason for this is that you MAC label (ie. TS ALL) is not TS ALL from your remote login. Thus when you telnet locally you will have yourlabeltravel with you through STREAMS and you will pick this up from the new in.telnetd that will be spawned. If you try and do a -e "TS ALL" you will simply be booted because the level you are coming in over the network at will not be TS ALL and thus you will fail. Ok, that was a twisted little piece of logic that requires some knowledge to understand.I think I get it - I've installed and done stuff with a few Cyberguard firewalls before. The reason I ask is, implementations are different and there could be a few interesting nuggets. But the part of your explanation I'd like more info is: the implication that the label will actually travel across the network and to the telnetd. I'd have figured the in.telnetd will just assume the default NETWORK label. If the label can actually pass across the network, that would be interesting.others are familiar with it), receives all security information from the process that sent it. Also, all data coming in from the network is marked at the network stack layer (specifically in IP) based on a set of preconfigured rules.Yep. That's why I asked specifically about localhost.4) If your process tries to telnet to the local machine its label will be on the stream and will be used in setting up that network connection. This will cause your connection to be at exactly the same level you are at.This part is where it gets interesting. Does that mean if you telnet to localhost, the labels can actually be specified to the telnetd? So if you can alter the packets somehow, the telnetd will believe you? e.g. What you seem to be saying is that: user (LEVELA)--telnet---network(LEVELA)--- telnetd (LEVELA). I was thinking it should be user(LEVELA)-telnet-network(no label/doesn't matter)-telnetd(NETWORK) and there would be a chance that in the contest setup the label would be different when connections are from 127.0.0.1 or some other IP. Also, there could be a chance that the telnetd could have a bug and set the wrong labels/limits, or be made to do that. Thanks, Link.
Current thread:
- Re: Kill the DOG and win 100 000 DM, (continued)
- Re: Kill the DOG and win 100 000 DM Michael Wojcik (Nov 09)
- Re: Kill the DOG and win 100 000 DM Sherrod, Andrew (Nov 09)
- Re: Kill the DOG and win 100 000 DM Ghory, Zeshan A (Nov 09)
- Re: Kill the DOG and win 100 000 DM Jeffrey W. Thompson (Nov 10)
- Re: Kill the DOG and win 100 000 DM Lincoln Yeoh (Nov 11)
- Re: Kill the DOG and win 100 000 DM Jeffrey W. Thompson (Nov 11)
- Re: Kill the DOG and win 100 000 DM Jay Tribick (Nov 11)
- Re: Kill the DOG and win 100 000 DM Jeffrey W. Thompson (Nov 11)
- Re: Kill the DOG and win 100 000 DM Lincoln Yeoh (Nov 11)
- Re: Kill the DOG and win 100 000 DM Mark (Nov 12)
- Re: Kill the DOG and win 100 000 DM Jeffrey W. Thompson (Nov 15)
- Re: Kill the DOG and win 100 000 DM Lincoln Yeoh (Nov 15)
- Re: Kill the DOG and win 100 000 DM Lincoln Yeoh (Nov 11)
- Re: Kill the DOG and win 100 000 DM Jay Tribick (Nov 11)
- Re: Kill the DOG and win 100 000 DM Jeffrey W. Thompson (Nov 11)