On Fri, 14 Jun 2013 13:21:09 -0400, Scott Helms said:
> How? There is truly not that much room in the IP packet to play games and
> if you're modifying all your traffic this would again be pretty easy to
> spot. Again, the easiest/cheapest method is that there is a backdoor there
> already.

Do you actually examine your traffic and drop packets that have non-zeros in reserved fields? (Remember what that did to the deployment of ECN?) And there's plenty of room if you stick a TCP or IP option header in there. Do you actually check for those too? How fast can you send data to a cooperating router down the way if you splat the low 3 bits of TCP timestamps on a connection routed towards the cooperating router? (Sure, you just busted somebody's RTT calculation, but it will just decide it's a high-jitter path and deal with it).