From: "Robert N. M. Watson"
Subject: Re: svn commit: r280971 - in head: contrib/ipfilter/tools share/man/man4 sys/contrib/ipfilter/netinet sys/netinet sys/netipsec sys/netpfil/pf
Date: Fri, 3 Apr 2015 11:58:37 +0100
In-Reply-To: <551E6E72.8050208@selasky.org>
To: Hans Petter Selasky
Cc: Mateusz Guzik, Ian Lepore, svn-src-all@freebsd.org, src-committers@freebsd.org, Gleb Smirnoff, svn-src-head@freebsd.org
List-Id: SVN commit messages for the src tree for head/-current

On 3 Apr 2015, at 11:41, Hans Petter Selasky wrote:

> On 04/03/15 11:31, Robert N. M. Watson wrote:
>> TCP/IP covert and side channels
>
> Hi,
>
> Can you provide a reference to a document in the area of "TCP/IP covert and side channels" which is considered state of the art? Or is this literature not publicly available?

I'm not sure there's a recent survey article on the topic, but a keyword search of the ACM Digital Library returns 493 articles for "TCP covert channel". The second is this article by my colleague Steven Murdoch:

http://www.cl.cam.ac.uk/~sjm217/papers/ih05coverttcp.pdf

It contains a nice introduction to the concepts and 2005 framing, but there has been significant work in this area since that was published.

Note that the goal of a stronger IP ID scheme is *not* randomness per se: it is a blend of non-predictability with maximising the interval of non-reuse of IP IDs. Simple use of a random number generator accomplishes the former adequately -- but the latter not at all, as it makes no guarantees about reuse interval -- and in fact can experience pessimal reuse intervals in normal operation. Mike Silbersack did quite a bit of work in this area in FreeBSD about a decade ago and is the person you want to talk to to understand the IP ID issue better.

However, the more fundamental issue, regardless of covert and side channels, is that we share the IP ID space across many 2-tuples. Addressing that issue would markedly improve the robustness of large UDP datagram support -- while as a side effect reducing covert and side channels far more effectively than randomisation.

Robert
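The trade-off described in the message above (unpredictability versus a long non-reuse interval, and sharing one ID space across many 2-tuples), as an added simulation that is not part of the thread or of FreeBSD's IP ID code; the flow addresses and seeds are constructed:

```python
import random

# Added example, not code from the FreeBSD thread: a toy simulation of
# three IP ID allocation strategies, scored by how soon an ID value is
# reused. Fragment reassembly wants a long reuse interval; covert/side-
# channel resistance wants unpredictability. Flow names are constructed.

ID_SPACE = 1 << 16  # the IPv4 Identification field is 16 bits wide


def min_reuse_interval(ids):
    """Smallest gap (in allocations) between two uses of the same ID;
    returns len(ids) when nothing repeats within the sequence."""
    last_seen, best = {}, len(ids)
    for i, v in enumerate(ids):
        if v in last_seen:
            best = min(best, i - last_seen[v])
        last_seen[v] = i
    return best


def sequential_ids(n, start=0):
    """Single global counter: reuse interval is always ID_SPACE, but the
    next ID is trivially predictable from the previous one."""
    return [(start + i) % ID_SPACE for i in range(n)]


def random_ids(n, seed=0):
    """Independent uniform draws: unpredictable, but with no reuse
    guarantee; birthday collisions appear after a few hundred datagrams,
    well inside a typical reassembly timeout."""
    rng = random.Random(seed)
    return [rng.randrange(ID_SPACE) for _ in range(n)]


def per_tuple_ids(flows, n, seed=0):
    """One counter per (src, dst) 2-tuple, each started at a random
    offset: reuse on any single tuple is as sparse as a global counter,
    and IDs seen by one peer no longer track the host's traffic to
    others. Returns {flow: [ids]}."""
    rng = random.Random(seed)
    return {f: sequential_ids(n, rng.randrange(ID_SPACE)) for f in flows}


if __name__ == "__main__":
    flows = [("10.0.0.1", "10.0.0.2"), ("10.0.0.1", "10.0.0.3")]
    print("global counter:", min_reuse_interval(sequential_ids(70000)))
    print("random draws  :", min_reuse_interval(random_ids(70000, seed=1)))
    for f, ids in per_tuple_ids(flows, 70000, seed=1).items():
        print("per-tuple", f, ":", min_reuse_interval(ids))
```

Running it shows the global and per-tuple counters holding the full 65536-allocation interval while the random allocator reuses an ID within a small fraction of that, which is the "pessimal reuse interval in normal operation" the message refers to.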