Re: forgery-resilience recommendations section

Michael Graff <michael_graff@isc.org> Wed, 15 August 2007 17:09 UTC

Return-path: <owner-namedroppers@ops.ietf.org>
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1ILMNO-0000JB-PK; Wed, 15 Aug 2007 13:09:46 -0400
Received: from psg.com ([147.28.0.62]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1ILMNM-00038p-KR; Wed, 15 Aug 2007 13:09:46 -0400
Received: from majordom by psg.com with local (Exim 4.67 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1ILMIF-0009Gl-8X for namedroppers-data@psg.com; Wed, 15 Aug 2007 17:04:27 +0000
X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on psg.com
X-Spam-Level:
X-Spam-Status: No, score=-2.5 required=5.0 tests=BAYES_00,RDNS_NONE autolearn=no version=3.2.1
Received: from [204.152.186.144] (helo=white.flame.org) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.67 (FreeBSD)) (envelope-from <michael_graff@isc.org>) id 1ILMI0-0009FQ-HV for namedroppers@ops.ietf.org; Wed, 15 Aug 2007 17:04:13 +0000
Received: from white.flame.org (localhost [127.0.0.1]) by white.flame.org (Postfix) with ESMTP id 45BB5327A83; Wed, 15 Aug 2007 10:04:11 -0700 (PDT)
Received: from [10.42.120.8] (ip68-97-27-239.ok.ok.cox.net [68.97.27.239]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by white.flame.org (Postfix) with ESMTP id 97E7B327A78; Wed, 15 Aug 2007 10:04:10 -0700 (PDT)
Message-ID: <46C33141.5050503@isc.org>
Date: Wed, 15 Aug 2007 12:00:49 -0500
From: Michael Graff <michael_graff@isc.org>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Andreas Gustafsson <gson@araneus.fi>
CC: Edward Lewis <Ed.Lewis@neustar.biz>, namedroppers@ops.ietf.org
Subject: Re: forgery-resilience recommendations section
References: <E1IIPpu-0003yG-Ss@stiedprstage1.ietf.org> <46C03070.7020604@isc.org> <20070813110643.GB24229@outpost.ds9a.nl> <46C04A14.6030801@NLnetLabs.nl> <20070813130332.GD24229@outpost.ds9a.nl> <200708131608.l7DG8g44048651@ogud.com> <a06240801c2e8b652d375@[192.168.1.100]> <18115.10805.158587.652030@guava.gson.org>
In-Reply-To: <18115.10805.158587.652030@guava.gson.org>
X-Enigmail-Version: 0.95.3
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV using ClamSMTP
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-id: DNSEXT discussion <namedroppers.ops.ietf.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8b30eb7682a596edff707698f4a80f7d

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andreas Gustafsson wrote:

> In the case of a server using a single port, we already assume that
> the attacker has a way of determining which port is in use.  The
> methods the attacker may use for doing that easily extend to multiple
> ports, so we must also assume that the attacker now has a way of
> determining the _set_ of ports currently in use.  If he does that
> determination immediately before the attack, and repeats it frequently
> enough during an extended attack, he will be able to track any changes
> in the set.

That would almost imply that using one port for a server would actually
limit the ability to attack other servers if they have a chance to use a
different port.

That is, if an attacker could only detect a limited number of ports a
server uses (say, out of 16), the others would still be unknown
quantities from the attacker's point of view.

If, on the other hand, a random port were used, it's only a matter of
time before all ports were detected.

- --Michael

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFGwzFBZXirchfeIY0RAr8sAJ96Lp5E6EdIAOKRDeTWkUd7JHOV1wCgktcm
ljpzBVPxcz9LG8KH5iqpGP4=
=dvqT
-----END PGP SIGNATURE-----

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
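The thread above argues about how much a resolver's choice of source port (one fixed port, a small pool, or the whole ephemeral range) buys against a blind spoofer who can observe some of the ports in use. The following is an added example, not code from the message or from the namedroppers list; it puts numbers on that question. The probability model is the one I recall from section 7 of RFC 5452, the document the forgery-resilience draft became (an assumption about that text, not a quotation of it); the port pools, packet rates and windows are constructed scenarios, and the Monte Carlo resolver and spoofer are illustrative stand-ins, not real software.

```python
"""Forgery-resilience arithmetic for a DNS resolver's source-port choice.

Added example with constructed scenarios.  The closed-form probability
follows the shape of the RFC 5452 section 7 formula (assumption); the
simulation is a toy resolver/spoofer pair used only to check that formula.
"""
import math
import random

TXID_SPACE = 1 << 16                 # 16-bit DNS message ID
EPHEMERAL_PORTS = 65535 - 1024 + 1   # ports 1024..65535, a common randomised range


def spoof_success_probability(outstanding, packets_per_second, window_seconds,
                              nameservers, ports, ids=TXID_SPACE):
    """Chance that a blind spoofer wins one window of opportunity.

    outstanding         identical queries the resolver has in flight (D)
    packets_per_second  forged replies the attacker can deliver (R)
    window_seconds      time before the genuine answer arrives (W)
    nameservers         authoritative addresses the query may be sent to (N)
    ports               distinct source ports the resolver draws from (P)
    ids                 distinct message IDs (I)
    """
    p = (outstanding * packets_per_second * window_seconds) / (nameservers * ports * ids)
    return min(p, 1.0)


def effective_entropy_bits(ports, ids=TXID_SPACE):
    """Bits a blind spoofer must guess per reply: log2 of (ports x ids)."""
    return math.log2(ports * ids)


def per_packet_hit_probability(pool_size, observed_ports, ids=TXID_SPACE):
    """Probability that one forged packet matches both port and ID when the
    resolver picks uniformly from a pool of `pool_size` ports and the spoofer
    has observed `observed_ports` of them and aims only at those.

    A packet aimed at an observed port hits with probability 1/pool_size no
    matter how many of the pool's ports have been seen: unobserved ports only
    mean the spoofer cannot aim at them, they do not change the odds of the
    packets it does send.  Pool size is what sets the per-packet odds.
    """
    if observed_ports <= 0 or pool_size <= 0:
        return 0.0
    return 1.0 / (pool_size * ids)


def simulate(pool_size, observed_ports, packets, trials, seed=1, ids=TXID_SPACE):
    """Monte Carlo check of per_packet_hit_probability.

    Constructed resolver: draws one port from its pool and one ID per query.
    Constructed spoofer: sends `packets` forgeries per query, each at a random
    observed port with a random ID.  Returns the fraction of queries forged.
    A small `ids` keeps the run short; the real space is 65536.
    """
    rng = random.Random(seed)
    pool = list(range(1024, 1024 + pool_size))   # constructed port pool
    known = pool[:observed_ports]                # ports the spoofer has seen
    wins = 0
    for _ in range(trials):
        port, txid = rng.choice(pool), rng.randrange(ids)
        for _ in range(packets):
            # Short-circuit: only draw an ID guess when the port guess matches.
            if rng.choice(known) == port and rng.randrange(ids) == txid:
                wins += 1
                break
    return wins / trials


if __name__ == "__main__":
    # Constructed scenario: one outstanding query, 7000 forged packets/s,
    # a 100 ms window, one authoritative server.
    for ports in (1, 16, EPHEMERAL_PORTS):
        p = spoof_success_probability(1, 7000, 0.1, 1, ports)
        print(f"{ports:6d} ports: {effective_entropy_bits(ports):5.2f} bits, "
              f"P(success per window) = {p:.3e}")
    print("16-port pool, 4 observed vs all 16 observed, per-packet odds:",
          per_packet_hit_probability(16, 4), per_packet_hit_probability(16, 16))
    print("simulated forgery rate (pool 16, 4 seen, 512 pkts, 256 IDs):",
          simulate(16, 4, packets=512, trials=2000, ids=256))
```

Run it as a script to see the three configurations side by side: a single fixed port leaves only the 16-bit message ID between the spoofer and a poisoned cache, a 16-port pool adds four bits, and the full ephemeral range adds close to sixteen. The `per_packet_hit_probability` and `simulate` pair is there to make the thread's point about observed ports concrete: the per-packet odds depend on how many ports the resolver draws from, not on what fraction of them the observer has catalogued, so for a defender the lever is the size of the pool.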