Inter-protocol exploitation

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Daira Emma Hopwood at 04:00, 31 October 2009 (mergefrom Inter-protocol communication, mention RFC 1738 (todo: full reference)). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Inter-protocol exploitation is a security vulnerability that takes advantage of interactions between two communication protocols, for example the protocols used in the Internet. Under this name, it was popularized in 2007 and publicly described in research[1] of the same year. The general class of attacks that it refers to has been known since at least 1994 (see the Security Considerations section of RFC 1738).

Internet protocol implementations allow exploit code to be encapsulated in one protocol in order to compromise a remote program that uses a different protocol. In inter-protocol exploitation, one protocol attacks a service running a different protocol. This is a legacy problem: the specifications of the protocols did not take an attack of this type into consideration.

Technical details

The two protocols involved in the vulnerability are the carrier and the target. The carrier encapsulates the exploit code, and the target protocol is the one the intended victim service uses for communication. Inter-protocol exploitation succeeds if the carrier protocol can encapsulate exploit code that can take advantage of the target service. There may also be other preconditions, depending on the complexity of the vulnerability.

Current implications

One of the major points of concern is the potential for this attack vector to reach through firewalls and DMZs. Inter-protocol exploits can be transmitted over HTTP and launched from web browsers on an internal subnet. An important point is that the web browser is not exploited through any conventional means.
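
A target-side guard for the carrier/target scenario described above, as an added example that is not part of the original article: a service speaking a hypothetical line-based protocol closes the connection as soon as it sees HTTP framing or an unknown line, so data encapsulated in the carrier never reaches its command parser. The command names (PING, STATUS, QUIT), the header list, the address and both sample inputs are constructed assumptions.

```python
import re

# HTTP/1.x request line: METHOD SP request-target SP HTTP-version
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/\d\.\d$")
# Header names a browser request typically carries (assumed, non-exhaustive list)
HTTP_HEADER = re.compile(
    rb"^(host|user-agent|accept[\w-]*|content-(type|length)|origin|referer|cookie):",
    re.IGNORECASE,
)

# Commands of the hypothetical target protocol (assumption, not a real service)
TARGET_COMMANDS = {b"PING", b"STATUS", b"QUIT"}


def is_carrier_framing(line: bytes) -> bool:
    """True if the line is HTTP framing rather than target-protocol input."""
    return bool(HTTP_REQUEST_LINE.match(line) or HTTP_HEADER.match(line))


def guard_session(raw: bytes, commands=TARGET_COMMANDS):
    """Return (dispatched_commands, verdict) for one connection's input.

    Fails closed: the connection ends at the first line that is carrier
    framing or not a known command, so later lines never reach the parser.
    """
    dispatched = []
    for line in raw.splitlines():
        if is_carrier_framing(line):
            return dispatched, "closed: carrier (HTTP) framing"
        verb = line.split(b" ", 1)[0].upper()
        if verb not in commands:
            return dispatched, "closed: unknown command"
        dispatched.append(verb)
        if verb == b"QUIT":
            break
    return dispatched, "ok"


# Constructed sample inputs: a native session, and an HTTP request whose body
# happens to contain lines that are valid in the target protocol.
NATIVE = b"PING\r\nSTATUS\r\nQUIT\r\n"
CROSS_PROTOCOL = (
    b"POST / HTTP/1.1\r\nHost: 10.0.0.5:7000\r\n"
    b"Content-Type: text/plain\r\n\r\nSTATUS\r\nQUIT\r\n"
)

if __name__ == "__main__":
    for name, data in (("native", NATIVE), ("cross-protocol", CROSS_PROTOCOL)):
        print(name, guard_session(data))
```

A parser that skipped lines it did not recognise instead of closing would dispatch the `STATUS` and `QUIT` lines from the HTTP body, which is the interaction between carrier and target that this article describes.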

References

  1. ^ "Inter-protocol Exploitation" (PDF). 2007-03-05.