Netmap2: Protocols and Services

Who am I? Where am I? What am I doing here?

Javantea, aka Joel R. Voss
AltSci Concepts
Neg9 Group
Although I give these names, I represent myself as a human being and a hacker.

Services to explain briefly: shoutcast, ices, xjdic24, avrdude, parallel computing, subversion, rdesktop, x11, vnc, IMAP, POP3, SMTP, AIM, Skype, SIP, IAX2, IRC, etc.

Shoutcast

Request:
GET /stream/2002 HTTP/1.0
Hos
Seem familiar? It is HTTP. The "Hos" there is just a truncated packet; the full line is Host: 123.45.67.89\r\n\r\n, just like HTTP/1.1, as I'm sure you already know.
Their response:
ICY 200 OK
icy-notice1: <BR>

Except that the response isn't exactly HTTP. The first line looks like an HTTP status line. The second line is trying to be an HTTP header, but it's not. After that it just throws MP3 data at you.
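To make that concrete, here is an added example (mine, not code from the talk) that parses the exchange above: it detects the truncated "Hos" request, splits the ICY head from the MP3 bytes that follow the blank line, and also accepts a plain HTTP status line, which Icecast-style servers send. The sample bytes are constructed.

```python
# Added example (not from the talk): parse a Shoutcast exchange. The request
# is plain HTTP/1.0; the response starts "ICY 200 OK", carries HTTP-style
# "icy-*" headers up to a blank line, then streams raw MP3 bytes.
from typing import Dict, Optional, Tuple

CRLF2 = b"\r\n\r\n"   # end of the text head in both request and response

def request_is_complete(raw: bytes) -> bool:
    """A request ends at the first blank line; the truncated "Hos" packet
    from the talk never reaches it, so the server must keep reading."""
    return CRLF2 in raw

def parse_icy_response(raw: bytes) -> Optional[Tuple[int, Dict[str, str], bytes]]:
    """Return (status, headers, mp3_body), or None while the head is incomplete.
    Only the head is text; everything after the blank line is audio and is
    deliberately left undecoded."""
    idx = raw.find(CRLF2)
    if idx < 0:
        return None
    head, body = raw[:idx], raw[idx + len(CRLF2):]
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)           # "ICY 200 OK" -> ["ICY", "200", "OK"]
    if (len(parts) < 2 or parts[0] not in ("ICY", "HTTP/1.0", "HTTP/1.1")
            or not parts[1].isdigit()):
        raise ValueError("not an ICY/HTTP status line: %r" % lines[0])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:                  # the head is header lines only
            raise ValueError("malformed header line: %r" % line)
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers, body

# Constructed sample: the dialogue from the talk plus a few fake audio bytes.
SAMPLE_REQUEST = b"GET /stream/2002 HTTP/1.0\r\nHost: 123.45.67.89\r\n\r\n"
SAMPLE_RESPONSE = (b"ICY 200 OK\r\nicy-notice1: <BR>\r\nicy-name: demo\r\n\r\n"
                   b"\xff\xfb\x90\x00")

if __name__ == "__main__":
    print(request_is_complete(b"GET /stream/2002 HTTP/1.0\r\nHos"))   # False
    print(parse_icy_response(SAMPLE_RESPONSE))
```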

Ices is a stream provider for Icecast. I don't have a dump for it, but the specs are pretty simple: authentication via HTTP, then it uploads the mp3s in real time.

xjdic is pretty sweet. Check it out. It uses UDP and is very sexy (as sexy as a language dictionary can be). The first packet checks what dictionaries exist. The second packet does the search. Each packet after that searches with an incremented index to get the next match. I was able to implement the client in PHP (a webpage) in about 8 hours of coding and debugging. It was very sweet. My website has a Japanese-English dictionary on it. How many of those do you see? That's the topic of another talk I plan to give. You can use it at suzy.altsci.com/xjdic1.php. Feel free to use the SSL on that. The only thing you have to worry about is when I check my server logs.


avrdude uses a few protocols to talk to AVR (a RISC microcontroller running at 16 MHz). The "network" it uses is a serial cable. The protocol it uses is hardware based, so most people don't even think of it as a protocol. Well, when you're using AVRs for advanced communication, everything is a protocol, even the communication between the uC and the RAM. Believe me.

Parallel computing is a very cool place to use protocols. It is important that the protocol use absolutely every possible speed-up to get the most performance and the fewest ugly errors. I have only worked on one parallel processing project and it was fun as heck. You retrieve a set of data from the server using the HTTP protocol. The server gets the data from the database with the MySQL protocol. You send the file to the program and it returns a string. You send the data back to the database with the HTTP protocol. Pretty simple, right? KISS: Keep It Simple, Stupid. It is your friend and ally against the horrible heisenbugs that exist in protocol development. Most massive parallel multi-processing projects (MPMPP) scoff at HTML and MySQL, but the truth is that the best physicists are running C++/Python/Java code with very generic low security protocols on their big projects. NASA and CERN are getting breached by protocol hackers all the time. I'm at the point where I look at the cutting edge protocols that people aren't using for vulnerabilities and 4 years later, Intuit is using them. No, I'm not kidding.

Subversion is cool because it lives above the protocol it uses. It does have its own protocol though. It's fun and interesting. How do we look at it? Well, since I use svn+ssh, we can't. Hooray! A simple protocol on top of a secure protocol, shiny. That doesn't mean that people can't implement it improperly (Apache mod, svnserve) and that is where those higher level protocol 0wnz come from. If you work for a company and you're using version control, tell the fuckers to secure that shit down. I just fixed half of my own svn vulnerability a while back. Here's the exploit: http://suzy.altsci.com/.svn/entries Ouch, sensitive data totally 0wned.
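The fix on the web server side is to refuse anything under a checked-out .svn directory. This added example (mine, not the talk's fix, and `guard_svn` is a hypothetical name) does that as a WSGI wrapper, decoding and normalising the path first so encoded or dot-dot variants of /.svn/entries are caught too.

```python
# Added example (not from the talk): refuse requests for Subversion metadata
# such as /.svn/entries before the web server can serve the file.
import posixpath
from urllib.parse import unquote

def is_svn_metadata_path(url_path: str) -> bool:
    """True when any segment of the decoded, normalised path is '.svn'.
    Decoding twice catches "%252esvn"; WSGI's PATH_INFO is already decoded
    once, so this is deliberately strict for a deny rule."""
    decoded = unquote(unquote(url_path))
    normalised = posixpath.normpath("/" + decoded.lstrip("/"))   # folds "../"
    return any(seg.lower() == ".svn" for seg in normalised.split("/"))

def guard_svn(app):
    """Hypothetical WSGI middleware: answer 403 for .svn paths, else pass through."""
    def wrapped(environ, start_response):
        if is_svn_metadata_path(environ.get("PATH_INFO", "")):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"Forbidden\n"]
        return app(environ, start_response)
    return wrapped
```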

Rdesktop is very cool. Microsoft implemented it. It's compressed and encrypted. I imagine that there are a dozen buffer overflows in it. I just haven't looked. There is an open source client. Here's what it sends. It's encrypted, so don't expect to see the middle finger through the fluttering fingers at the moment.

x11 is an uncompressed, unencrypted network protocol. WTF? The only saving graces of this are that it can be easily compressed and encrypted with SSH (which is totally sweet), and it works well over LAN. Why did Unix people implement a poor protocol? Because it's raw. It's supposed to be used in two circumstances: local (uh, yeah, every local linux/bsd GUI is running X11) and LAN where you are r0xx0ring a few of your boxen at a time. Don't compare this to rdesktop over DSL. It isn't fair.

VNC is a comparable protocol to Rdesktop. It is very compressed and can be encrypted with SSH (which is totally awesome). It still isn't as good as RDC, but it is free, so you should be down with it.

IMAP is cool, but please encrypt that shit. Take a look. Oh shit! My password!
Luckily, this one is encrypted.

POP3 is cool because you can use it with telnet to port 110. Take a look, it's not bad, eh? It supports SSL too, so it's not so bad. See below.

SMTP is cool. Yet again you can telnet to port 25. I do this a lot because I like testing open relays. Two of my talks will be how to exploit and protect e-mail. Yep, I'm a spammer. Not many people encrypt SMTP. It's useful to encrypt it because the people that you don't want reading your mail are on your network, too. Don't deny it. Picking up SMTP traffic on the net is horrible, awful, evil, etc, etc. Anyone sniffing SMTP on the net ought to be shot. But the truth of the matter is that nearly all mail goes over the wire unencrypted. Maybe the reason that spammers do what they do is to bring the unencrypted protocol to a standstill. A few people have predicted the end of the internet due to spam. I think it just needs a little bit of loving. Our friend Crash can explain the hilarity that ensues when we add spamd to the equation.
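Since the point of the last three sections is that passwords go over the wire in the clear, here is an added example (mine, not from the talk) that scans POP3, IMAP and SMTP session lines and reports every login sent before STLS/STARTTLS was accepted. The three captures are constructed; the base64 in the SMTP one encodes a made-up "alice"/"hunter2".

```python
# Added example (not from the talk): flag credentials sent in the clear in
# captured POP3 / IMAP / SMTP sessions given as ("C"|"S", line) tuples.
from typing import List, Tuple
Session = List[Tuple[str, str]]
# Client verbs that carry a password (plain, or merely base64-encoded).
CLEARTEXT_AUTH = {"pop3": ("USER", "PASS"),
                  "imap": ("LOGIN", "AUTHENTICATE PLAIN", "AUTHENTICATE LOGIN"),
                  "smtp": ("AUTH PLAIN", "AUTH LOGIN")}
# Verb that upgrades the connection to TLS, and the reply that confirms it;
# after that a sniffer sees only ciphertext (IMAP replies are tagged: "a1 OK").
TLS_UPGRADE = {"pop3": "STLS", "imap": "STARTTLS", "smtp": "STARTTLS"}
UPGRADE_OK = {"pop3": lambda r: r.startswith("+OK"),
              "smtp": lambda r: r.startswith("220"),
              "imap": lambda r: r.split()[1:2] == ["OK"]}

def _verb(protocol: str, line: str) -> str:
    """Normalise a client line to its verb: "PASS", "AUTH PLAIN", ..."""
    words = line.strip().upper().split()
    if protocol == "imap" and len(words) > 1:      # drop the IMAP tag
        words = words[1:]
    if len(words) > 1 and words[0] in ("AUTH", "AUTHENTICATE"):
        return words[0] + " " + words[1]           # the mechanism matters
    return words[0] if words else ""
def cleartext_logins(protocol: str, session: Session) -> List[str]:
    """Return the client lines that sent credentials before TLS was up."""
    findings: List[str] = []
    upgrade_pending = tls_active = False
    for direction, line in session:
        if direction == "C":
            verb = _verb(protocol, line)
            if verb == TLS_UPGRADE[protocol]:
                upgrade_pending = True
            elif not tls_active and verb in CLEARTEXT_AUTH[protocol]:
                findings.append(line)
        elif upgrade_pending:                      # server answers STLS/STARTTLS
            tls_active = UPGRADE_OK[protocol](line)
            upgrade_pending = False
    return findings
# Constructed captures (not real traffic): the POP3 one is what a telnet to
# port 110 looks like; the IMAP one negotiates STARTTLS before logging in.
POP3_PLAIN: Session = [("S", "+OK POP3 server ready"), ("C", "USER alice"),
                       ("S", "+OK"), ("C", "PASS hunter2"), ("S", "+OK Logged in.")]
IMAP_TLS: Session = [("S", "* OK IMAP4rev1 ready"), ("C", "a1 STARTTLS"),
                     ("S", "a1 OK Begin TLS negotiation now"),
                     ("C", "a2 LOGIN alice hunter2"), ("S", "a2 OK done")]  # inside TLS
SMTP_PLAIN: Session = [("S", "220 mail.example.test ESMTP"), ("C", "EHLO c.example.test"),
                       ("S", "250 AUTH PLAIN LOGIN"), ("C", "AUTH PLAIN AGFsaWNlAGh1bnRlcjI="),
                       ("S", "235 2.7.0 Authentication successful")]
```

Run against the samples, the POP3 and SMTP sessions each produce findings and the IMAP session produces none, because its LOGIN happened inside TLS.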

Skype is pretty wack. It's successful, you gotta give it that. It's encrypted and compressed, but with absolutely zero independent validation. It probably uses evasive UDP session establishment (NAT traversal), which I like quite a lot. It sends a lot of small packets when you aren't talking. When it's sending audio, the packets are bigger of course. I forget how big they get and how fast. I'm thinking that they're probably around 100 B or so for low latency. I always see it talking while I'm not using it. Protocols have to have keepalives and queries for connections, but it's pretty ridiculous. What exactly is it saying? I bet it's saying more stuff than you would like it to. Halo or no, fuxx0r that. It's seriously time for some reverse engineering of that protocol. We have the technology. I have done a strace on it and I've gotten a few things. We'll need to do more than that to decrypt that stream. Adding a jump to print_hex would do it if they haven't obfuscated the crypto library.

IRC is cool because it's quite public. Perl has a good library for it. Every command is text, so if you have a good understanding of the protocol, you can run it via telnet to port 6669.

AIM is an interesting protocol. I don't have time to capture it now, but check it out sometime when you're chatting with someone.

SIP is a VoIP protocol, yet another HTTP ripoff; it makes the UDP side server based. Asterisk supports it, so that's a plus. It isn't encrypted, which is a serious drawback. You don't want to tunnel it over encrypted TCP or the latency will build up on poor connections and ruin the conversation. The only solution is to simply use the protocol until we have support for an encrypted VoIP protocol. I could get a capture if I wanted to spend some time on Asterisk. Asterisk is a talk for another time.

IAX2 is a cool VoIP protocol for Asterisk. It uses NAT traversal and can be used P2P even though the main user of the protocol is Asterisk (a server-only app). It isn't encrypted, but people have tried. I am very much interested in using OpenSSL Blowfish (like UDP Session Dev) to encrypt it.

Questions?