- Inter-protocol communication
Inter-protocol communication [cite web|url=http://www.ngssoftware.com/research/papers/InterProtocolCommunication.pdf|title=Inter-protocol Communication|date=2006-08|] is a security vulnerability in the fundamentals of a
networkcommunication protocol. Whilst other protocolsare vulnerable, this vulnerability is commonly discussed in the context of the Hypertext Transfer Protocol( HTTP) [cite web|url=http://www.remote.org/jochen/sec/hfpa/index.html|title=HTML Form Protocol Attack|] . This attack uses the potential of the two different protocolsmeaningfully communicating commandsand data. Inter-protocol exploitationcan utilize inter-protocol communication to establish the preconditions for launching an Inter-protocol exploit. For example, this process could negotiate the initial authenticationcommunication for a vulnerability in password parsing.
protocolsinvolved in the vulnerability are termed the carrier and target. The carrier encapsulates the commandsand/or data. The target protocolis used for communicationto the intended victim service. Inter-protocol communication will be successful if the carrier protocolcan encapsulate the commandsand/or datasufficiently to meaningfully communicateto the target service.
Two preconditions need to be met for successful
communicationacross protocols: encapsulation and error tolerance.
protocolmust encapsulate the dataand commandsin a manner that the target protocolcan understand. It is highly likely that the resulting data streamwith induce parsingerrors in the target protocol.
protocolbe must be sufficiently forgiving of errors. During the Inter-Protocol connection it is likely that a percentageof the communicationwill be invalid and cause errors. To meet this precondition, the target protocol implementationmust continue processing despite these errors.
Wikimedia Foundation. 2010.
Look at other dictionaries:
Inter-process communication — For other uses, see IPC. In computing, Inter process communication (IPC) is a set of methods for the exchange of data among multiple threads in one or more processes. Processes may be running on one or more computers connected by a network. IPC… … Wikipedia
Inter-protocol exploitation — is a security vulnerability that takes advantage of interactions between two communication protocols, for example the protocols used in the Internet. Under this name, it was popularized in 2007 and publicly described in research of the same… … Wikipedia
Inter-Client Communication Conventions Manual — (ICCCM) ist ein offener Standard für X Window System Clients, die gemeinsam auf demselben X Server operieren wollen. Entwickelt wurde ICCCM durch das MIT X Consortium ab 1988. Inhaltsverzeichnis 1 Versionen 2 Beispiele aus dem Standard 3 … Deutsch Wikipedia
Inter-Client Communication Conventions Manual — In computing, the Inter Client Communication Conventions Manual (ICCCM) is a standard for interoperability between X Window System clients of the same X server. It was designed by David S. H. Rosenthal of the MIT X Consortium in 1988. Version 1.0 … Wikipedia
Protocol Buffers — infobox software name = Protocol Buffers developer = Google released = 7 July 2008 latest release version = 2.0.2 latest release date = 3 October 2008 latest preview version = latest preview date = operating system = Any platform = Cross platform … Wikipedia
Inter-Language Unification — or ILU is a method for computer systems to exchange data, bridging differences in the way systems represent the various kinds of data. Even if two systems run on the same computer, or on identical computer hardware, many differences arise from… … Wikipedia
Inter-Asterisk eXchange — IAX is the Inter Asterisk eXchange protocol native to Asterisk PBX and supported by a number of other softswitches and PBXs. It is used to enable VoIP connections between servers as well as client server communication.IAX now most commonly refers … Wikipedia
Protocol stack — The protocol stack is an implementation of a computer networking protocol suite. The terms are often used interchangeably. Strictly speaking, the suite is the definition of the protocols, and the stack is the software implementation of them.… … Wikipedia
Inter-Access Point Protocol — IEEE 802.11F or Inter Access Point Protocol is a recommendation that describes an optional extension to IEEE 802.11 that provides wireless access point communications among multivendor systems [ [http://standards.ieee.org/getieee802/download/802.1… … Wikipedia
Inter-logiciel — Intergiciel Un intergiciel, en anglais middleware, est un logiciel servant d intermédiaire de communication entre plusieurs applications, généralement complexes ou distribuées sur un réseau informatique. L intergiciel offre des services de haut… … Wikipédia en Français