Date:      Fri, 03 Apr 2015 12:41:54 +0200
From:      Hans Petter Selasky <hps@selasky.org>
To:        "Robert N. M. Watson" <rwatson@FreeBSD.org>
Cc:        Mateusz Guzik <mjguzik@gmail.com>, Ian Lepore <ian@freebsd.org>, svn-src-all@freebsd.org, src-committers@freebsd.org, Gleb Smirnoff <glebius@FreeBSD.org>, svn-src-head@freebsd.org
Subject:   Re: svn commit: r280971 - in head: contrib/ipfilter/tools share/man/man4 sys/contrib/ipfilter/netinet sys/netinet sys/netipsec sys/netpfil/pf
Message-ID:  <551E6E72.8050208@selasky.org>
In-Reply-To: <78DD67BD-621C-451D-8E30-EC9BF396716F@FreeBSD.org>
References:  <201504012226.t31MQedN044443@svn.freebsd.org> <20150402123522.GC64665@FreeBSD.org> <20150402133751.GA549@dft-labs.eu> <20150402134217.GG64665@FreeBSD.org> <20150402135157.GB549@dft-labs.eu> <1427983109.82583.115.camel@freebsd.org> <20150402142318.GC549@dft-labs.eu> <20150402143420.GI64665@FreeBSD.org> <20150402153805.GD549@dft-labs.eu> <alpine.BSF.2.11.1504021657440.27263@fledge.watson.org> <551D8143.4060509@selasky.org> <551D8945.8050906@selasky.org> <8900318B-8155-4131-A0C3-3DE169782EFC@FreeBSD.org> <551D8C6C.9060504@selasky.org> <alpine.BSF.2.11.1504021939390.64391@fledge.watson.org> <551DA5EA.1080908@selasky.org> <551DAC9E.9010303@selasky.org> <358EC58D-1F92-411E-ADEB-8072020E9EB3@FreeBSD.org> <551DEF26.4000403@selasky.org> <4B7DAA59-389F-41AE-99D8-034A7AA61C99@FreeBSD.org> <551E520E.1040708@selasky.org> <6DF5FB51-8135-4144-BD3A-6E4127A23AA7@FreeBSD.org> <551E5C38.7070203@selasky.org> <78DD67BD-621C-451D-8E30-EC9BF396716F@FreeBSD.org>

On 04/03/15 11:31, Robert N. M. Watson wrote:
>   TCP/IP covert and side channels

Hi,

Can you provide a reference to a document in the area of "TCP/IP covert 
and side channels" which is considered state of the art? Or is this 
literature not publicly available?

According to:

[PS]Covert Messaging Through TCP Timestamps - MIT
web.mit.edu/greenie/Public/CovertMessaginginTCP.ps


<cite> However, covert channels are seldom used due to their complexity 
</cite>

Further it gives an example about having to send 3 megabytes to transfer 
a single bit.

What I'm pointing at is that sending a handful of ping packets for 
example (hundreds of bytes), in a very short time, is enough to 
broadcast a bit through an entire firewall or router, if all the network 
interfaces get the IP ID from the same linearly incremented source, 
which is the case in FreeBSD:

> https://svnweb.freebsd.org/base/stable/10/sys/netinet/ip_var.h?annotate=263307#l307

"ip_do_randomid" is zero by default, and is not documented anywhere:

grep -r ip_do_randomid share/

> #define ip_newid() ((V_ip_do_randomid != 0) ? ip_randomid() : \
>  	  	  	htons(V_ip_id++))

What is the best efficiency ratio of the "TCP/IP covert and side 
channels" you know about? Are you absolutely sure you are talking about 
the same thing I'm referring to?

--HPS
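
Added example, not part of the original message or of the FreeBSD source: a user-space model of the quoted ip_newid() macro, showing that with one shared counter two observed IDs reveal how many packets left on other interfaces, and that randomized IDs remove that signal. The names model_newid, infer_hidden and exact_estimates are hypothetical, rand() stands in for ip_randomid(), and htons() is left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Model of the quoted ip_newid() macro. Assumptions: rand() stands in
 * for ip_randomid(), and htons() is omitted (byte order does not affect
 * the arithmetic shown here). */
static uint16_t ip_id;      /* models V_ip_id, shared by all interfaces */
static int do_randomid;     /* models V_ip_do_randomid, 0 by default */

static uint16_t model_newid(void)
{
    return do_randomid ? (uint16_t)rand() : ip_id++;
}

/* An observer on one interface sees the ID of two replies sent to it.
 * Between them the host emits `hidden` packets on other interfaces.
 * Returns the observer's estimate of `hidden`, modulo 65536. */
static unsigned infer_hidden(unsigned hidden)
{
    uint16_t before = model_newid();
    for (unsigned i = 0; i < hidden; i++)
        (void)model_newid();            /* traffic the observer never sees */
    uint16_t after = model_newid();
    return (uint16_t)(after - before - 1);
}

/* Number of trials (out of `trials`) in which the estimate is exact. */
static unsigned exact_estimates(unsigned hidden, unsigned trials)
{
    unsigned hits = 0;
    for (unsigned i = 0; i < trials; i++)
        hits += (infer_hidden(hidden) == hidden);
    return hits;
}

int main(void)
{
    do_randomid = 0;
    printf("shared counter: %u/1000 exact\n", exact_estimates(7, 1000));
    do_randomid = 1;
    printf("random IDs:     %u/1000 exact\n", exact_estimates(7, 1000));
    return 0;
}
```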


