Re: [perpass] [tcpm] TCP Stealth - possible interest to the WG
"Scharf, Michael (Michael)" <michael.scharf@alcatel-lucent.com> Mon, 18 August 2014 14:30 UTC
Return-Path: <michael.scharf@alcatel-lucent.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16ED61A03EE for <perpass@ietfa.amsl.com>; Mon, 18 Aug 2014 07:30:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level:
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0VMVhahgIjdn for <perpass@ietfa.amsl.com>; Mon, 18 Aug 2014 07:30:04 -0700 (PDT)
Received: from smtp-fr.alcatel-lucent.com (fr-hpida-esg-02.alcatel-lucent.com [135.245.210.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BEB81A0444 for <perpass@ietf.org>; Mon, 18 Aug 2014 07:29:48 -0700 (PDT)
Received: from fr712usmtp2.zeu.alcatel-lucent.com (unknown [135.239.2.42]) by Websense Email Security Gateway with ESMTPS id 4FCCAC5945EFC; Mon, 18 Aug 2014 14:29:44 +0000 (GMT)
Received: from FR711WXCHHUB01.zeu.alcatel-lucent.com (fr711wxchhub01.zeu.alcatel-lucent.com [135.239.2.111]) by fr712usmtp2.zeu.alcatel-lucent.com (GMO) with ESMTP id s7IETaOQ003886 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 18 Aug 2014 16:29:45 +0200
Received: from FR712WXCHMBA15.zeu.alcatel-lucent.com ([169.254.7.218]) by FR711WXCHHUB01.zeu.alcatel-lucent.com ([135.239.2.111]) with mapi id 14.02.0247.003; Mon, 18 Aug 2014 16:29:43 +0200
From: "Scharf, Michael (Michael)" <michael.scharf@alcatel-lucent.com>
To: "perpass@ietf.org" <perpass@ietf.org>
Thread-Topic: [tcpm] TCP Stealth - possible interest to the WG
Thread-Index: Ac+448Fsl9mI8tJfQO6l37mQPpygtgB+DAeAAARk9EA=
Date: Mon, 18 Aug 2014 14:29:43 +0000
Message-ID: <655C07320163294895BBADA28372AF5D165FDE51@FR712WXCHMBA15.zeu.alcatel-lucent.com>
References: <ecdbe694b6964c159f64b1d3311c8cc6@hioexcmbx02-prd.hq.netapp.com> <CAPh34mdNfgayzDfzwn31H-esgrNza06r1ZOdsCaK+fhc_LbruA@mail.gmail.com>
In-Reply-To: <CAPh34mdNfgayzDfzwn31H-esgrNza06r1ZOdsCaK+fhc_LbruA@mail.gmail.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [135.239.27.39]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/perpass/vK6UXQRb_Fuvx0JhgGn1wUyRjyM
Cc: Hagen Paul Pfeifer <hagen@jauu.net>
Subject: Re: [perpass] [tcpm] TCP Stealth - possible interest to the WG
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Aug 2014 14:30:10 -0000
Regarding discussions of draft-kirsch-ietf-tcp-stealth: I think that technical aspects should really be discussed on the tcpm and/or tcpinc list. I just learnt that there is also discussion on perpass. In particular the tcpm list is usually a good starting point for kicking off any TCP-related discussion (no matter where it finally ends within the IETF). Michael > -----Original Message----- > From: tcpm [mailto:tcpm-bounces@ietf.org] On Behalf Of Hagen Paul > Pfeifer > Sent: Monday, August 18, 2014 4:00 PM > To: Scheffenegger, Richard > Cc: tcpinc@ietf.org; tcpm (tcpm@ietf.org); Joe Touch > Subject: Re: [tcpm] TCP Stealth - possible interest to the WG > > Hi Richard, tcpm, tcpinc > > the ground work for the ID is likely the following master thesis > titled "Improved Kernel-Based Port-Knocking in Linux"[1]: > Feeling a little bit unfortunate with this obfuscation technique but > highly appreciate efforts to prevent mass scanning. BTW: discussion on > this ID already started on perpass. > > Cheers, Hagen > > [1] https://gnunet.org/sites/default/files/ma_kirsch_2014.pdf > > > On 16 August 2014 01:51, Scheffenegger, Richard <rs@netapp.com> wrote: > > Hi, > > > > I just learned about an individual submission, which is probably of > interest > > not only to the members of these two WGs; > > > > http://tools.ietf.org/html/draft-kirsch-ietf-tcp-stealth-00 > > > > > > On a first, casual glance, I am wondering if the authors have > realized all > > the implications of their suggestion; > > > > There seem to be at least two or three major issues that compromise > either > > the working and stability of TCP, or work against the intended > > “stealthieness” of this modification (making it easy for an attacker > to > > identify such sessions, provided he is able to actively interfere > with > > segments in transit (ie. cause certain segments to be dropped). > > > > Nevertheless, it might be beneficial to discuss the generic idea in a > wider > > forum, among brighter minds than me. > > > > Richard Scheffenegger > > > > > > > > _______________________________________________ > > tcpm mailing list > > tcpm@ietf.org > > https://www.ietf.org/mailman/listinfo/tcpm > > > > _______________________________________________ > tcpm mailing list > tcpm@ietf.org > https://www.ietf.org/mailman/listinfo/tcpm
- Re: [perpass] [tcpm] TCP Stealth - possible inter… Scharf, Michael (Michael)