On 04/03/15 11:31, Robert N. M. Watson wrote:
TCP/IP covert and side channels
Hi,
Can you provide a reference to a document in the area of "TCP/IP covert
and side channels" which is considered state of the art? Or is this
litterature not publically available?
According to:
[PS]Covert Messaging Through TCP Timestamps - MIT
web.mit.edu/greenie/Public/CovertMessaginginTCP.ps
<cite> However, covert channels are seldom used due to their complexity
</cite>
Further it gives an example about having to send 3 megabytes to transfer
a single bit.
What I'm pointing at is that sending a handful of ping packets for
example (hundreds of bytes), in a very short time, is enough to
broadcast a bit through an entire firewall or router, if all the network
interfaces get the IP ID from the same linearly incremented source,
which is the case in FreeBSD:
https://svnweb.freebsd.org/base/stable/10/sys/netinet/ip_var.h?annotate=263307#l307
"ip_do_randomid" is zero by default, and is not documented anywhere:
grep -r ip_do_randomid share/
#define ip_newid() ((V_ip_do_randomid != 0) ? ip_randomid() : \
htons(V_ip_id++))
What is the best efficiency ratio of the "TCP/IP covert and side
channels" you know about? Are you absolutely sure you are talking about
the same I'm referring to?
--HPS
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
