Inter-protocol Exploitation
Encyclopedia
Inter-protocol exploitation is a security vulnerability
that takes advantage of interactions between two communication protocols, for example the protocols used in the Internet
. Under this name, it was popularized in 2007 and publicly described in research of the same year. The general class of attacks that it refers to has been known since at least 1994 (see the Security Considerations section of RFC 1738).
Internet protocol
implementations allow for the possibility of encapsulating exploit code
to compromise a remote program which uses a different protocol. Inter-protocol exploitation is where one protocol attacks a service running a different protocol. This is a legacy problem because the specifications of the protocols did not take into consideration an attack of this type.
Inter-protocol exploitation will be successful if the carrier protocol can encapsulate the exploit code which can take advantage of a target service. Also, there may be other preconditions
depending on the complexity of the vulnerability.
and DMZ
s. Inter-protocol exploits can be transmitted over HTTP and launched from web browsers on an internal subnet
. An important point is the web browser is not exploited though any conventional means.
Vulnerability (computing)
In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance.Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw...
that takes advantage of interactions between two communication protocols, for example the protocols used in the Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
. Under this name, it was popularized in 2007 and publicly described in research of the same year. The general class of attacks that it refers to has been known since at least 1994 (see the Security Considerations section of RFC 1738).
Internet protocol
Internet Protocol
The Internet Protocol is the principal communications protocol used for relaying datagrams across an internetwork using the Internet Protocol Suite...
implementations allow for the possibility of encapsulating exploit code
Exploit (computer security)
An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic...
to compromise a remote program which uses a different protocol. Inter-protocol exploitation is where one protocol attacks a service running a different protocol. This is a legacy problem because the specifications of the protocols did not take into consideration an attack of this type.
Technical details
The two protocols involved in the vulnerability are the carrier and target. The carrier encapsulates the exploit code and the target protocol is used for communication by the intended victim service.Inter-protocol exploitation will be successful if the carrier protocol can encapsulate the exploit code which can take advantage of a target service. Also, there may be other preconditions
Inter-protocol communication
Inter-protocol communication is a security vulnerability in the fundamentals of a network communication protocol. Whilst other protocols are vulnerable, this vulnerability is commonly discussed in the context of the Hypertext Transfer Protocol...
depending on the complexity of the vulnerability.
Current implications
One of the major points of concern is the potential for this attack vector to reach through firewallsFirewall (computing)
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
and DMZ
Demilitarized zone (computing)
In computer security, a DMZ is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet...
s. Inter-protocol exploits can be transmitted over HTTP and launched from web browsers on an internal subnet
Subnetwork
A subnetwork, or subnet, is a logically visible subdivision of an IP network. The practice of dividing a network into subnetworks is called subnetting....
. An important point is the web browser is not exploited though any conventional means.