[2026] in WWW Security List Archive
Re: Hacking a Personal Computer via E-mail
daemon@ATHENA.MIT.EDU (Rolf Weber)
Thu May 9 15:41:45 1996
From: Rolf Weber <weber@iez.com>
To: cwg@DeepEddy.Com (Chris Garrigues)
Date: Thu, 9 May 1996 18:34:36 +0200 (MESZ)
Cc: www-security@ns2.rutgers.edu (www-security)
In-Reply-To: <199605091524.KAA22191@deepeddy.DeepEddy.Com> from "Chris Garrigues" at May 9, 96 10:24:04 am
Errors-To: owner-www-security@ns2.rutgers.edu
>
> > >
> > > > another true story is that any protocol can be used to tunnel another,
> > > > will say email can be used to tunnel for example telnet. but this requires
> > > > help from inside.
> > >
> > > eh?
> > >
> > > There is no turing equivalence between protocols....If you're saying that you
> > > can run telnet on port 25 to get past packet filters, that's true, but that's
> > > not "using email to tunnel telnet".
> > >
> > > You can tunnel a streaming protocol on top of another streaming protocol,
> > > but I hardly see that this means you can run telnet on top of RFC822.
> > >
> > why not?
> > IP packets are IP packets.
> > the one side receives this packet from the telnet server and mails it
> > to the other side, which extracts this packet and sends it to the client.
> > vice versa the same.
> > not a performance hit, but it should work.
> > give me a little time, and i'll write such a tool. :-)
>
> Well...if it weren't for little details like timeout values, I suppose....
>
> You do realize that you can't even run TCP over two satellite hops because the latency is greater than the timeouts, don't you?
>
i think you have 2 possibilities.
first to tunnel the telnet protocol:
telnetd <---> proxytelnet <--- smtp ---> proxytelnetd <---> telnet
you see, you have timeout problems only at the application level.
this timeout is quite large with telnet, if any exists.
the second chance is to tunnel TCP. that's of course much harder,
but i think when you have passed the handshake it should work,
even over email.
as said, i never did it, but i was told by private mail it's
been done.
>
> Also, on the original claim that "any protocol can be used to tunnel another", explain to me how you're going to run a full networking protocol such as IP over a protocol like NTP which *only* passes time information.
>
of course, you only have to encode/decode the tunneled protocol to the speech
of the tunneling protocol.
maybe this is hard with some protocols, but surely possible with smtp. :-)
rolf
--
-----------------------------------------
Rolf Weber <weber@iez.com> | All I ask is a chance
IEZ AG D-64625 Bensheim | to prove that money
++49-6251-1309-113 | can't make me happy.