From owner-svn-src-all@FreeBSD.ORG Fri Apr 3 10:41:20 2015
From: Hans Petter Selasky
To: "Robert N. M. Watson"
Cc: Mateusz Guzik, Ian Lepore, svn-src-all@freebsd.org, src-committers@freebsd.org, Gleb Smirnoff, svn-src-head@freebsd.org
Subject: Re: svn commit: r280971 - in head: contrib/ipfilter/tools share/man/man4 sys/contrib/ipfilter/netinet sys/netinet sys/netipsec sys/netpfil/pf
Date: Fri, 03 Apr 2015 12:41:54 +0200
Message-ID: <551E6E72.8050208@selasky.org>
In-Reply-To: <78DD67BD-621C-451D-8E30-EC9BF396716F@FreeBSD.org>

On 04/03/15 11:31, Robert N. M. Watson wrote:
> TCP/IP covert and side channels

Hi,

Can you provide a reference to a document in the area of "TCP/IP covert and side channels" which is considered state of the art? Or is this literature not publicly available?

According to:

[PS] Covert Messaging Through TCP Timestamps - MIT
web.mit.edu/greenie/Public/CovertMessaginginTCP.ps

However, covert channels are seldom used due to their complexity

Further, it gives an example about having to send 3 megabytes to transfer a single bit.

What I'm pointing at is that sending a handful of ping packets, for example (hundreds of bytes), in a very short time, is enough to broadcast a bit through an entire firewall or router, if all the network interfaces get the IP ID from the same linearly incremented source, which is the case in FreeBSD:

> https://svnweb.freebsd.org/base/stable/10/sys/netinet/ip_var.h?annotate=263307#l307

"ip_do_randomid" is zero by default, and is not documented anywhere:

grep -r ip_do_randomid share/

> #define ip_newid() ((V_ip_do_randomid != 0) ? ip_randomid() : \
> htons(V_ip_id++))

What is the best efficiency ratio of the "TCP/IP covert and side channels" you know about? Are you absolutely sure you are talking about the same I'm referring to?

--HPS
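As an added illustration of the point made above (my own model, not code from the thread or from the FreeBSD tree): it mirrors the two branches of the quoted ip_newid() macro, gives an audit check that tells a global 16-bit counter apart from a randomized generator from a single vantage point, and shows that with the counter the ID gap between two replies counts packets the host sent to every other destination in between. IpIdSource, probe_sequence and the sample ID values are constructed for this example.

```python
import random

MOD = 1 << 16  # IP ID is a 16-bit field, so the counter wraps at 65536

class IpIdSource:
    """Model of a host's IP ID generator (constructed; not kernel code)."""

    def __init__(self, do_randomid, seed=7):
        self.do_randomid = do_randomid
        self.counter = 0                  # plays the role of V_ip_id
        self.rng = random.Random(seed)    # stands in for ip_randomid()

    def newid(self):
        # Same shape as the quoted macro:
        # (V_ip_do_randomid != 0) ? ip_randomid() : htons(V_ip_id++)
        if self.do_randomid:
            return self.rng.randrange(MOD)
        ipid = self.counter % MOD
        self.counter += 1                 # one counter for every interface
        return ipid

def ipid_deltas(ids):
    """Forward differences between consecutive observed IDs, modulo 2^16."""
    return [(b - a) % MOD for a, b in zip(ids, ids[1:])]

def is_sequential(ids, max_step=64, min_ratio=0.9):
    """Audit check: True when most IDs advance by a small positive step.
    A global counter yields small steps; a random generator spreads them."""
    deltas = ipid_deltas(ids)
    small = sum(1 for d in deltas if 1 <= d <= max_step)
    return bool(deltas) and small / len(deltas) >= min_ratio

def hidden_packets(id_before, id_after):
    """Packets the host emitted to others between two replies we saw."""
    return (id_after - id_before) % MOD - 1

def probe_sequence(source, probes, background):
    """IDs a prober sees when the host sends `background` packets elsewhere
    (out any interface) between each pair of probe replies."""
    seen = []
    for _ in range(probes):
        for _ in range(background):
            source.newid()                # traffic the prober never sees
        seen.append(source.newid())       # the reply to the probe
    return seen
```

The fix the message points at is the randomized branch; on FreeBSD I believe the knob is exposed as the sysctl net.inet.ip.random_id, but verify that name on the host (sysctl -d) before relying on it.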