On 4 Apr 2015, at 09:40, Hans Petter Selasky <h...@selasky.org> wrote:

>> On 04/03/15 23:36, Gleb Smirnoff wrote:
>> The documentation on net.inet.ip.random_id is solid and doesn't need the
>> text from your commit.
> 
> Let me detail a bit more. The old text describing "random_id" clearly gives 
> the wrong impression. It says that information is only leaking one way. It is 
> for sure very misleading. Information can leak both from the inside to the 
> outside and from the outside to the inside. And also between two outsiders or 
> two insiders. That's what's scares me.
> 
> Try using my testapp if you don't believe me.
> 
> Given that the ICMP limit is 200 per second by default, I would guess that 
> 199 bits could at maximum be transferred per second in between two parties 
> using the proper algorithms.
> 
> If I myself was setting up a firewall, this is the kind of stuff I would like 
> to know about in advance.

Covert and side channels are inherent to the design of contemporary processors 
and operating systems -- via caches, memory bandwidth, OS scheduling, 
statistics, clock drift due to temperature, protocol counters, rate limiters, 
etc. The inherent difficulty of addressing malicious information-leak 
mechanisms means that our time is far better invested in trying to document and 
mitigate side channels than covert channels, whose existence must be taken for 
granted. And it's not just the IP ID field: almost any practical firewall 
configuration will be susceptible to lots of leaks of this sort. For example, 
rate limiting ICMP replies, TCP RST packets, etc, are all potential covert 
channels. And that is before you start letting through application-level 
protocols like DNS.

Instead, we simply need warning that the fundamental function of a firewall -- 
of communication as much as blocking or it would be a dual-homed host not a 
firewall -- makes it susceptible to covert channels by design. Firewalls are 
about limiting overt communication -- if you want to limit covert communication 
you need very different hardware and software designs.

Robert
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Reply via email to