On 3 Apr 2015, at 11:41, Hans Petter Selasky <h...@selasky.org> wrote:
> On 04/03/15 11:31, Robert N. M. Watson wrote:
>> TCP/IP covert and side channels
>
> Hi,
>
> Can you provide a reference to a document in the area of "TCP/IP covert and
> side channels" which is considered state of the art? Or is this litterature
> not publically available?
I'm not sure there's a recent survey article on the topic, but a keyword search
of the ACM Digital Library returns 493 articles for "TCP covert channel". The
second is this article by my colleague Steven Murdoch:
http://www.cl.cam.ac.uk/~sjm217/papers/ih05coverttcp.pdf
It contains a nice introduction to the concepts and 2005 framing, but there has
been significant work in this area since that was published.
Note that the goal of a stronger IP ID scheme is *not* randomness per se: it is
a blend of non-predictability with maximising the interval of non-reuse of IP
IDs. Simple use of a random number generator accomplishes the former adequately
-- but the latter not at all, as it makes no guarantees about reuse interval --
and in fact can experience pessimal reuse intervals in normal operation. Mike
Silbersack did quite a bit of work in this area in FreeBSD about a decade ago
and is the person you want to talk to to understand the IP ID issue better.
However, the more fundamental issue, regardless of covert and side channels, is
that we share the IP ID space across many 2-tuples. Addressing that issue would
markedly improve the robustness of large UDP datagram support -- while as a
side effect reducing covert and side channels far more effectively than
randomisation.
Robert
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
