IETF Logo Mail Archive

Re: [tcpm] [tcpinc] TCP Stealth - possible interest to the WG

Hagen Paul Pfeifer <hagen@jauu.net> Wed, 20 August 2014 12:33 UTC

Return-Path: <hagen@jauu.net>
X-Original-To: tcpm@ietfa.amsl.com
Delivered-To: tcpm@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D61041A02FC for <tcpm@ietfa.amsl.com>; Wed, 20 Aug 2014 05:33:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m1lvutavKifu for <tcpm@ietfa.amsl.com>; Wed, 20 Aug 2014 05:33:11 -0700 (PDT)
Received: from mail-la0-f48.google.com (mail-la0-f48.google.com [209.85.215.48]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7E541A02E1 for <tcpm@ietf.org>; Wed, 20 Aug 2014 05:33:10 -0700 (PDT)
Received: by mail-la0-f48.google.com with SMTP id gl10so6979340lab.7 for <tcpm@ietf.org>; Wed, 20 Aug 2014 05:33:06 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=EZj+cV84IfHsw5Zus4Kr4CE3uYzUsCfsLTrKtN6ztC8=; b=gUc01zaW4GNHhSrY9vL18RVZqJd2gjRAIbi6V2/KgmSYiGzpbnZ8QSZUZEYg+MURJs d8fHfOARiB2h+PSNTZFa/M6tbl1zQ+7bsPbiwGez2vgI7GwBTaCej2iRC9PES7M10Wca q+2QZDYEa6NTTar854zECW9CR7fc8hL6iWU438JpQlhLNnT7mDIFr0Bt/V/OeReYqUNz gfzEXtcN2Avrz81shATOukwtDVLkBXTI5FW1uL6E31tKhjBVmol3OF588dQWdqlsnKqp tjTlw69mvb9FoyvxY14sZd0UXCAUy4qI+u2q8zIk6TGgvDJTvHmX2hPntGsbsk5zNP/f lQ3A==
X-Gm-Message-State: ALoCoQld6SL4+rpiHVs60waqUHAeri1TDWZrg5fRugge5enkFc3d0WlpNllLDFqIJUWP8TdA2uzJ
MIME-Version: 1.0
X-Received: by 10.112.52.130 with SMTP id t2mr25205468lbo.61.1408537986089; Wed, 20 Aug 2014 05:33:06 -0700 (PDT)
Received: by 10.152.242.42 with HTTP; Wed, 20 Aug 2014 05:33:05 -0700 (PDT)
X-Originating-IP: [80.246.32.33]
In-Reply-To: <f6dc10652f7b4f3499cef22c25a7aaaf@hioexcmbx05-prd.hq.netapp.com>
References: <ecdbe694b6964c159f64b1d3311c8cc6@hioexcmbx02-prd.hq.netapp.com> <CAFggDF2jhQPz0Eez=AU9M-k862wD_=VSyVpXtRAjT4zC6H4tgA@mail.gmail.com> <1408397675.299896.154112109.6F69043F@webmail.messagingengine.com> <8c5f6a1e9f2340e48e25dd151406b7d3@hioexcmbx05-prd.hq.netapp.com> <1408401991.317123.154137701.0A30F30C@webmail.messagingengine.com> <CAPh34meB=EtgNu=_eBS6ekB20fRccAqXFWydkCWG+6VKSa98rg@mail.gmail.com> <CAFggDF39L+kLQLmiWJR3q6suPOtYmKJiJUqp0kBv7GjUtNVOjA@mail.gmail.com> <CAPh34mdPtKvVJ2FfshPFwrwRDOw9CxxHT4ZTFYZZEVSoKOEq0A@mail.gmail.com> <53F3970D.5080906@grothoff.org> <CAPh34mf2rnNuM=YZ1uin1_PtkB8buOskMtf3NAJMOwdFeMe9MQ@mail.gmail.com> <53F39FAC.9070500@grothoff.org> <817214c2e5b444c7a780c1387e91da15@hioexcmbx05-prd.hq.netapp.com> <CAPh34mf9+c_W+rg4f-wVVrB8yP+ExOvgaJ4cz9cVG1yPT2CHkQ@mail.gmail.com> <f6dc10652f7b4f3499cef22c25a7aaaf@hioexcmbx05-prd.hq.netapp.com>
Date: Wed, 20 Aug 2014 14:33:05 +0200
Message-ID: <CAPh34mcasXmmKPTqfkXW-0txEMPpSFoNC9bAOPOA=5FFwqNdpQ@mail.gmail.com>
From: Hagen Paul Pfeifer <hagen@jauu.net>
To: "Scheffenegger, Richard" <rs@netapp.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpm/YRwx1TuuNAPvyAwG63DfxjSPryw
Cc: "tcpinc@ietf.org" <tcpinc@ietf.org>, "tcpm (tcpm@ietf.org)" <tcpm@ietf.org>, Joe Touch <touch@isi.edu>, Christian Grothoff <christian@grothoff.org>
Subject: Re: [tcpm] [tcpinc] TCP Stealth - possible interest to the WG
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm/>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Aug 2014 12:33:12 -0000

On 20 August 2014 14:21, Scheffenegger, Richard <rs@netapp.com> wrote:

> TSecr SHOULD be zero on SYN, (even though some implementations didn't adhere to this), and MUST NOT be interpreted when ACK is not set.

Yes, my intention was the following: all currently discussed ideas
"abuse" TCP fields in some way - they have a meaning, functionality.
But touching TSecr in the initial SYN has no meaning, in particular it
SHOULD be zero. Why not change this to something like this: the TSecr
in the first packet can serve as a stealth cookie and could be any
value. It is up to the implementation .... You know what I mean.

Hagen

v2.23.0 | Report a Bug | By Email