Inter-protocol communication

Inter-protocol communication ["Inter-protocol Communication", 2006-08, http://www.ngssoftware.com/research/papers/InterProtocolCommunication.pdf] is a security vulnerability in the fundamentals of a network communication protocol. Whilst other protocols are vulnerable, this vulnerability is commonly discussed in the context of the Hypertext Transfer Protocol (HTTP) ["HTML Form Protocol Attack", http://www.remote.org/jochen/sec/hfpa/index.html]. The attack exploits the ability of two different protocols to meaningfully communicate commands and data to each other.

Inter-protocol exploitation can use inter-protocol communication to establish the preconditions for launching an inter-protocol exploit. For example, this process could negotiate the initial authentication communication for a vulnerability in password parsing.

Technical Details

The two protocols involved in the vulnerability are termed the carrier and target. The carrier encapsulates the commands and/or data. The target protocol is used for communication to the intended victim service. Inter-protocol communication will be successful if the carrier protocol can encapsulate the commands and/or data sufficiently to meaningfully communicate to the target service.

Preconditions

Two preconditions need to be met for successful communication across protocols: encapsulation and error tolerance.

Encapsulation

The carrier protocol must encapsulate the data and commands in a manner that the target protocol can understand. It is highly likely that the resulting data stream will induce parsing errors in the target protocol.

Error Tolerance

The target protocol must be sufficiently forgiving of errors. During the inter-protocol connection it is likely that a percentage of the communication will be invalid and cause errors. To meet this precondition, the target protocol implementation must continue processing despite these errors.
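
The two preconditions can be seen side by side in a small in-process simulation. This is an added example, not code from the cited papers: the line-based command set (`HELLO`, `SET`, `QUIT`), the host name and the sample stream are all constructed for illustration. It shows that a target parser which skips invalid lines ends up executing commands carried inside an HTTP request, while a parser that closes the session on the first invalid line, or on recognisable carrier tokens, does not, and still serves a well-formed client.

```python
# Hypothetical target protocol: one command per CRLF-terminated line.
COMMANDS = {"HELLO", "SET", "QUIT"}
# Tokens that identify HTTP (the carrier) at the start of a line.
HTTP_MARKERS = ("GET ", "POST ", "PUT ", "HEAD ", "OPTIONS ", "HOST:")

# Constructed sample: an HTTP POST (carrier) whose body holds target commands.
CARRIER_STREAM = (
    b"POST / HTTP/1.1\r\n"
    b"Host: service.example:7000\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Length: 28\r\n"
    b"\r\n"
    b"HELLO\r\nSET mode open\r\nQUIT\r\n"
)
# Constructed sample: what a genuine client of the target protocol sends.
NATIVE_STREAM = b"HELLO\r\nSET mode open\r\nQUIT\r\n"

def parse(stream, max_errors=None, reject_carrier=False):
    """Return (executed_commands, error_count, closed_early)."""
    executed, errors = [], 0
    for raw in stream.split(b"\r\n"):
        line = raw.decode("ascii", "replace").strip()
        if not line:
            continue
        # Hardening 1: drop the session when carrier tokens appear.
        if reject_carrier and line.upper().startswith(HTTP_MARKERS):
            return executed, errors + 1, True
        verb = line.split(" ", 1)[0].upper()
        if verb in COMMANDS:
            executed.append(line)
            if verb == "QUIT":
                break
        else:
            errors += 1
            # Hardening 2: bounded error budget instead of endless tolerance.
            if max_errors is not None and errors > max_errors:
                return executed, errors, True
    return executed, errors, False

def tolerant(stream):
    return parse(stream)  # skips every invalid line

def hardened(stream):
    return parse(stream, max_errors=0, reject_carrier=True)

if __name__ == "__main__":
    print("tolerant:", tolerant(CARRIER_STREAM))
    print("hardened:", hardened(CARRIER_STREAM))
    print("hardened, native client:", hardened(NATIVE_STREAM))
```

The four HTTP header lines are exactly the "percentage of the communication" that is invalid; whether the service survives them decides whether the encapsulated commands are ever reached.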

Wikimedia Foundation. 2010.
