Re: [tcpm] [tcpinc] TCP Stealth - possible interest to the WG
Alfie John <alfiej@fastmail.fm> Mon, 18 August 2014 21:34 UTC
Message-Id: <1408397675.299896.154112109.6F69043F@webmail.messagingengine.com>
From: Alfie John <alfiej@fastmail.fm>
To: Jacob Appelbaum <jacob@appelbaum.net>, "Scheffenegger, Richard" <rs@netapp.com>
Date: Mon, 18 Aug 2014 23:34:35 +0200
In-Reply-To: <CAFggDF2jhQPz0Eez=AU9M-k862wD_=VSyVpXtRAjT4zC6H4tgA@mail.gmail.com>
References: <ecdbe694b6964c159f64b1d3311c8cc6@hioexcmbx02-prd.hq.netapp.com> <CAFggDF2jhQPz0Eez=AU9M-k862wD_=VSyVpXtRAjT4zC6H4tgA@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tcpm/jG9T42yXa5uZ-yIHL7ZIVwyqoio
Cc: Christian Grothoff <christian@grothoff.org>, tcpinc@ietf.org, "tcpm (tcpm@ietf.org)" <tcpm@ietf.org>, Joe Touch <touch@isi.edu>
Subject: Re: [tcpm] [tcpinc] TCP Stealth - possible interest to the WG
On Mon, Aug 18, 2014, at 02:50 PM, Jacob Appelbaum wrote:
> On 8/15/14, Scheffenegger, Richard <rs@netapp.com> wrote:
> > I just learned about an individual submission, which is probably of
> > interest not only to the members of these two WGs;
> >
> > http://tools.ietf.org/html/draft-kirsch-ietf-tcp-stealth-00
> >
> > There seem to be at least two or three major issues that compromise
> > either the working and stability of TCP, or work against the
> > intended "stealthiness" of this modification (making it easy for an
> > attacker to identify such sessions, provided he is able to actively
> > interfere with segments in transit (i.e. cause certain segments to be
> > dropped).
>
> Could you expand on these thoughts a bit?
>
> > Nevertheless, it might be beneficial to discuss the generic idea in
> > a wider forum, among brighter minds than me.

Let's look at Richard's concerns:

> compromise either the working and stability of TCP

This RFC only modifies the calculation of the SQN number in order to get
port-knockable services. Every other host in between just continues to see
the SQN as a random number, as it did before. Unless hops in between were to
modify the packet's timestamps, this will be completely backwards compatible.

> work against the intended "stealthiness" of this modification (making
> it easy for an attacker to identify such sessions, provided he is able
> to actively interfere with segments in transit

This is not about hiding from big brother who is listening on the wire. This
is about minimising your visible footprint to the wider internet. It's on par
with your server's firewall dropping all incoming connections unless you have
the shared secret. But with this RFC, you don't need to know the source IP
address beforehand.

I think it's a great idea. Nice work.

Alfie

--
Alfie John
alfiej@fastmail.fm
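An added illustration of the mechanism discussed above (example code written for this archive page, not from the draft or from any poster): a client derives its ISN from a shared secret, the connection 4-tuple and the SYN's TCP timestamp, and the server recomputes it before answering, so a SYN without the secret is dropped exactly as a firewall would drop it. The HMAC-SHA256 construction, the `Syn` record and the constant `SECRET` are assumptions of this example, a simplified model rather than the draft's exact formula; the last function models the middlebox caveat in the reply, a hop that rewrites the timestamp option and thereby breaks verification.

```python
import hashlib
import hmac
import socket
import struct
from dataclasses import dataclass

# Constructed shared secret for this example only; a real deployment provisions its own.
SECRET = b"example-shared-secret"


@dataclass
class Syn:
    """Minimal model of the SYN fields a TCP Stealth check looks at (assumption)."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    seq: int     # the ISN the client chose
    tsval: int   # TSval from the SYN's TCP timestamp option


def stealth_isn(secret, src_ip, dst_ip, src_port, dst_port, tsval):
    """Derive a 32-bit ISN bound to the secret, the 4-tuple and the SYN timestamp.
    To any host without the secret this is indistinguishable from a random ISN."""
    msg = struct.pack("!4s4sHHI", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                      src_port, dst_port, tsval & 0xFFFFFFFF)
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]


def build_syn(secret, src_ip, dst_ip, src_port, dst_port, tsval):
    """Client side: emit a SYN whose ISN carries the knock."""
    isn = stealth_isn(secret, src_ip, dst_ip, src_port, dst_port, tsval)
    return Syn(src_ip, dst_ip, src_port, dst_port, isn, tsval)


def syn_is_authentic(secret, syn):
    """Server side: recompute the ISN from the received SYN; drop the SYN if it differs."""
    expected = stealth_isn(secret, syn.src_ip, syn.dst_ip, syn.src_port, syn.dst_port, syn.tsval)
    # Constant-time compare so the check itself leaks nothing about the expected value.
    return hmac.compare_digest(struct.pack("!I", expected), struct.pack("!I", syn.seq))


def rewrite_tsval(syn, new_tsval):
    """Model a middlebox that rewrites the timestamp option in transit (the caveat above)."""
    return Syn(syn.src_ip, syn.dst_ip, syn.src_port, syn.dst_port, syn.seq, new_tsval)
```

A legitimate SYN verifies, a SYN built with a different secret does not, and a legitimate SYN whose TSval was rewritten on the path fails too, which is the backwards-compatibility limit the reply points out.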