Courses:

Offensive Countermeasures: The Art Of Active Defense: SANSFIRE June 15-16, Blackhat USA July 27-28 & 29-30


Conferences:

Check out the entire PaulDotCom crew at BsidesRI June 14-15th!



Subscribe:

Blog:
Videos:
Podcast:


PaulDotCom EspaƱol


Hack Naked TV


Hack Naked At Night


Stogie Geeks


Sponsored By:


www.coresecurity.com


www.tenablesecurity.com


www.sans.org



Follow Us On:


twitter.com/pauldotcom

PaulDotCom YouTube Channel


PaulDotCom Security Weekly - Episode 18 - March 9, 2006

By
Paul Asadoorian
on March 10, 2006 10:41 AM | | Comments (5)

Live from the PaulDotCom Security Weekly Studio....

UPDATE: Video version has been added. NEW RULE: No more beer drinking during PaulDotCom Security Weekly TV. No really, I'm serious this time!

  • Sponsored by Core Security, listen for the discount code at the end of the show
  • Sponsored by Syngress, be the first to post the answer to the question at the end of the show and win a free book!
  • Please go update our frapper map!
  • Its not Twitchy's birthday this week
  • Smurf attacks are not so sweet
  • Our first audio comment!
  • Here are some good Bluetooth Links, Thanks Christian!
  • Hacking into voice mail, using good voice mail passwords
  • Please leave us feedback in the iTunes Store!
  • Detecting botnets from Sana Security, anyone using this product?
  • Full Show Notes

Don't forget to check out Larry's Blog,HaxorTheMatrix.com for coverage on the latest security and hacking news.

Hosts: Larry Pesce, Paul Asadoorian, "Twitchy"
Email: psw@pauldotcom.com

Direct Audio Download
Direct Video Download

(Bandwidth provided by OSHEAN, They do have supercow powers)

Video Feeds:

Audio Feeds:

Categories:

5 Comments

By Jon Barber on March 10, 2006 11:07 AM

According to http://www.ietf.org/rfc/rfc3514.txt the high-order bit of the IP fragment offset field should be set to 1 when the packet has evil intent.

Google was my friend - http://www.google.co.uk/search?q=evil+packet++bit

By Brakk on March 10, 2006 6:48 PM

In case above cannot be contacted...

"...high-order bit of the IP fragment offset field...

Currently-assigned values are defined as follows:

0x0 If the bit is set to 0, the packet has no evil intent. Hosts,
network elements, etc., SHOULD assume that the packet is
harmless, and SHOULD NOT take any defensive measures. (We note
that this part of the spec is already implemented by many common
desktop operating systems.)

0x1 If the bit is set to 1, the packet has evil intent. Secure
systems SHOULD try to defend themselves against such packets.
Insecure systems MAY chose to crash, be penetrated, etc."

http://www.ipa.go.jp/security/rfc/RFC3514EN.html
http://www.ietf.org/rfc/rfc3514.txt
http://archives.neohapsis.com/archives/ntbugtraq/2003-q2/0001.html

By dawizard on March 11, 2006 6:10 AM

Quote from rfc3514:
"If the bit is set to 1, the packet has evil intent. Secure systems SHOULD try to defend themselves against such packets. Insecure systems MAY chose to crash, be penetrated, etc."

By Perry on March 13, 2006 12:51 AM

From RFC 3514

If the bit is set to 1, the packet has evil intent. Secure
systems SHOULD try to defend themselves against such packets.
Insecure systems MAY chose to crash, be penetrated, etc.

http://www.ietf.org/rfc/rfc3514.txt

By David Belle-Isle on March 13, 2006 8:43 AM

Hi there,

About bluetooth. You can actually sniff traffic from a cell phone to a hand free bluetooth headset.

Also, there are cars out there that have bluetooth built-in so you can speak and keep your hands on the wheel. So you can easily sniff conversations from the bluetooth device.

You can check those links:

http://trifinite.org/trifinite_stuff_carwhisperer.html
http://www.digitalmunition.com/carwhisper-realtime.tar

Have a good day,

David