2006-10-21
AltSci Concepts

Computer Journal

UDP Session Development
by Joel R. Voss aka. Javantea
jvoss@altsci.com
jvoss@myuw.net
Jan 20, 2006

UDP Session 0.4.0d Source [sig]
UDP Session 0.3.3c Source [sig]
UDP Session 0.3.2b Source [sig]

DESCRIPTION

This program connects two computers without having either be a server. It uses "Evasive UDP Session Establishment" originally conceived by Winston Williams and other concurrent developers. The initial idea of the system was to poke holes in a firewall by using UDP's design as a stateless protocol. That way, both computers could consider themselves clients to a remote server. Upon further development, I found that other developers had designed similar systems with different mechanics.

ENCRYPTION

Version 0.3 is encrypted with Blowfish-cbc. This 128-bit encryption is easily considered strong if used with strong passwords. Version 0.3 is statically or dynamically linked to libssl and libcrypt, so their licences apply. I will include the proper licensing agreements in future versions. Since the current version is such a fast release, it makes sense to release it sooner rather than later. To implement Blowfish-cbc, I created a library which wraps the OpenSSL calls in a way that is easily usable. That library is called SSL Blowfish Wrapper for the time being.

Version 0.3.3c added support for Diffie-Hellman key exchange, which is extremely cool. It removes the vulnerability of passive sniffing due to weak passwords. With Diffie-Hellman, the encryption key is strong. Password Authentication ensures that you are talking to a person with the password. It uses hashing to ensure that you don't lose important passwords by accident. The system used is: encrypt(SHA1(time+rand+password)).

Version 0.4.0a adds support for integrity checking and retry transfers. It also takes statistics on how efficiently and reliably UDP is transmitting the packets.

Version 0.4.1 will support DSA key authentication, which is good for those who would rather use public key authentication instead of password authentication.

METHOD

The simplest system that employs this method and works is to use Netcat.

jvoss@ASLinWs01:~$ nc -u -p 3111 dmitry.altsci.com 3222
suzy: poke
dmitry: hi
suzy: hello

jvoss@AsBsdSv10:~$ nc -u -p 3222 suzy.altsci.com 3111
dmitry: hi
suzy: hello

1) AsBsdSv10 is dmitry.altsci.com running OpenBSD with packet filtering on, and will not allow any remote incoming UDP (tested). Relevant lines of pf.conf:

block all
pass in on $ext_if inet proto udp \
    from any to ($ext_if) \
    port { 5050 } keep state
pass out on $ext_if proto { udp, icmp } \
    all keep state

2) ASLinWs01 is suzy.altsci.com running Slackware 10.1. It has iptables off.
3) ASLinWs01 is behind a NAT router/modem (running Linux). The router has iptables running, but no relevant UDP blocking. Default settings for a Linux modem/router.

This is not a perfect system because the first message by suzy is dropped. This seems to be connected with the poking of holes in the firewall. I'm not certain whether this is true.
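A simplified model of a keep-state packet filter, added here as an illustration (it is not pf itself and not part of UDP Session), replaying the netcat exchange above as seen from dmitry's side. Under this model the first message is blocked because no state exists until dmitry has sent a packet; the idle timeout value and the final `late` message are constructed, and the model assumes suzy's packets arrive with the same address and port that dmitry sends to.

```python
from dataclasses import dataclass, field

UDP_IDLE_TIMEOUT = 60  # seconds; constructed value for this model, not from the page


@dataclass
class StatefulFilter:
    """Simplified model of the pf.conf lines above: block all, pass in UDP
    to port 5050, pass out UDP, each pass rule with 'keep state'."""
    open_ports: frozenset = frozenset({5050})
    states: dict = field(default_factory=dict)  # (local, remote) -> last seen

    def _live(self, key, now):
        seen = self.states.get(key)
        if seen is None or now - seen > UDP_IDLE_TIMEOUT:
            self.states.pop(key, None)    # expired or never created
            return False
        return True

    def outbound(self, local, remote, now):
        # 'pass out ... keep state': allowed, creates or refreshes the state.
        self.states[(local, remote)] = now
        return "pass"

    def inbound(self, remote, local, now):
        key = (local, remote)
        if self._live(key, now):          # reply to something we sent earlier
            self.states[key] = now
            return "pass"
        if local[1] in self.open_ports:   # 'pass in ... port { 5050 } keep state'
            self.states[key] = now
            return "pass"
        return "block"                    # falls through to 'block all'


def replay_netcat_session():
    """Replay the netcat exchange as dmitry's filter would see it."""
    dmitry = ("dmitry.altsci.com", 3222)
    suzy = ("suzy.altsci.com", 3111)
    fw = StatefulFilter()
    return [
        ("poke", fw.inbound(suzy, dmitry, now=0)),    # no state yet
        ("hi", fw.outbound(dmitry, suzy, now=5)),     # creates the state
        ("hello", fw.inbound(suzy, dmitry, now=10)),  # matches the state
        ("late", fw.inbound(suzy, dmitry, now=200)),  # state has idled out
    ]
```

For a defender, the same table shows what to review: every `pass out ... keep state` rule lets the remote endpoint send back in for as long as the state stays alive.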

A better system is the Python udpchat1.py which is distributed with udp_sess-0.1.tgz.
The code was originally written as an example of udpchat but it seems to use the same system of firewall avoidance.

jvoss@AsBsdSv10:~/dev/udp_sess$ python udpchat1.py suzy.altsci.com 3222 3111
chat1 on port  3222 . Blank line to quit.
this is a test
('66.228.195.74', 3111)   this is a reply

jvoss@ASLinWs01:~/.../udp_sess$ python udpchat1.py dmitry.altsci.com 3111 3222
chat1 on port  3111 . Blank line to quit.
('207.244.153.137', 3222)   this is a test
this is a reply

You can see that no poking is required for this to work. This is quite likely because it uses a better system for networking. It uses a single socket and it does a bind() as normal, then instead of a connect, it does a sendto() and then recvfrom(). It seems like these two commands are a lower level of socket commands. They do not require root, so they are fair game.

Actually, looking at several example UDP implementations, I found the same system used in all. sendto() and recvfrom() are standard in UDP communication. This is because the design of UDP is stateless. A 'connection' is made so that the server binds to the UDP port and receives from any client. It then does a sendto() to that client. The client just does the same thing in the reverse order: it binds to the UDP port, initiates a sendto() to the server and then receives from the server.
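The bind() / sendto() / recvfrom() pattern described above, as an added example on the loopback interface (not the code from udpchat1.py or udp_sess). Because recvfrom() on a bound UDP socket returns datagrams from any sender, the hypothetical helper `recv_from_peer` discards anything that does not come from the expected peer; the `stranger` socket and all payloads are constructed.

```python
import socket


def make_peer(local_port=0):
    """bind() one UDP socket; the same socket both sends and receives."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", local_port))   # port 0: let the OS pick a free port
    s.settimeout(2.0)
    return s


def recv_from_peer(sock, expected, max_tries=5):
    """Return the next datagram whose source (addr, port) is the expected
    peer. The source address can be spoofed, so this is only a filter;
    authentication still has to happen inside the session."""
    for _ in range(max_tries):
        data, src = sock.recvfrom(1024)
        if src == expected:
            return data
    raise TimeoutError("no datagram from expected peer")


def demo():
    """Two symmetric peers: neither listens or accepts, both just send."""
    a, b, stranger = make_peer(), make_peer(), make_peer()
    a_addr, b_addr = a.getsockname(), b.getsockname()
    try:
        stranger.sendto(b"injected", b_addr)        # unrelated sender, dropped
        a.sendto(b"this is a test", b_addr)
        got_b = recv_from_peer(b, expected=a_addr)
        b.sendto(b"this is a reply", a_addr)
        got_a = recv_from_peer(a, expected=b_addr)
        return got_b, got_a
    finally:
        for s in (a, b, stranger):
            s.close()


if __name__ == "__main__":
    print(demo())
```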

Since Python isn't the perfect language for working with this, I wrote a demo in C, which is included in the udp_sess-0.1.tgz. Simply enough, it is a demo of the same code in C without threading. It needs a lot of work, but it works already. It can stream a file (at 1024 bytes per shot) over the same connection as the other code.

One cool and useful note is that the three methods of getting this protocol to work actually interoperate pretty well. Since the C program does not work well for most stuff and the Python isn't perfect either, you can use a combination of the two to satisfy your needs. For example, you could hook up the netcat version on a BSD server that doesn't have Python. You can use the Python version on a Windows server you don't have rights to compile code on. You can use the C version on a Linux workstation that you want to use as a file transfer server.

You see that the possibilities are very cool when you have interoperability. It will be my goal to develop C, Python, and Perl versions of the protocols that I develop so that as many platforms as possible are supported by this excellent protocol.

USAGE

Usage:   udp_sess1 [-c] [-r] [-f file] local_port remote_addr remote_port
         -c      : Chat only, no files.
         -r      : Receive file.
         -f file : Read or Save file in filesystem.
         The default options are to send a file from stdin.
Example: udp_sess1 3111 207.244.153.137 3222 < r.txt
         udp_sess1 -f d.txt 3111 207.244.153.137 3222
         udp_sess1 -r 3111 207.244.153.137 3222 > d.txt
         udp_sess1 -c 3111 207.244.153.137 3222

python udpchat1.py suzy.altsci.com   3222 3111
python udpchat1.py dmitry.altsci.com 3111 3222

If you are interested in developing UDP Session Development, feel free to e-mail me.
