huawei

Scott Helms khelms at zcorum.com
Fri Jun 14 18:35:08 UTC 2013


On Fri, Jun 14, 2013 at 1:51 PM, <Valdis.Kletnieks at vt.edu> wrote:

> On Fri, 14 Jun 2013 13:21:09 -0400, Scott Helms said:
>
> > How?  There is truly not that much room in the IP packet to play games and
> > if you're modifying all your traffic this would again be pretty easy to
> > spot.  Again, the easiest/cheapest method is that there is a backdoor there
> > already.
>
> Do you actually examine your traffic and drop packets that have non-zeros
> in reserved fields?  (Remember what that did to the deployment of ECN?)
>
> And there's plenty of room if you stick a TCP or IP option header in
> there. Do you actually check for those too?
>

When I think something odd is happening or I'm benchmarking new gear from a
new vendor, yes I do, but the main point is that there is so little benefit
for them to do this, why would they bother?


>
> How fast can you send data to a cooperating router down the way if you
> splat the low 3 bits of TCP timestamps on a connection routed towards the
> cooperating router? (Sure, you just busted somebody's RTT calculation, but
> it will just decide it's a high-jitter path and deal with it).
>

In $random_deployment they have no idea what the topology is and odd
behavior is *always* noticed over time.   The amount of time it would take
to transmit useful information would nearly guarantee someone noticing and
the more successful the exploit was the more chance for discovery there
would be.
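
The header checks discussed in this exchange (non-zero reserved fields, IP options, unexpected TCP options) can be scripted for use when benchmarking new gear; the following is an added example, not part of the original post. The function names, the set of "known" option kinds, and the choice to treat the low four bits of TCP header byte 12 as reserved are assumptions, and the sample packets are constructed.

```python
import struct

# Option kinds a typical stack emits (assumed baseline); anything else is reported.
KNOWN_TCP_OPTS = {2: "MSS", 3: "WScale", 4: "SACK-permitted", 5: "SACK", 8: "Timestamps"}

def audit_ipv4_tcp(pkt: bytes) -> list:
    """Return a list of findings for one raw IPv4 packet (TCP payload inspected if present)."""
    findings = []
    ihl = (pkt[0] & 0x0F) * 4 if len(pkt) >= 20 and pkt[0] >> 4 == 4 else 0
    if ihl < 20 or len(pkt) < ihl:
        return ["not a parseable IPv4 packet"]
    if pkt[6] & 0x80:                      # top bit of the flags field is reserved
        findings.append("IPv4 reserved flag bit set")
    if ihl > 20:                           # header longer than 20 bytes means IP options
        findings.append("IPv4 options present (%d bytes)" % (ihl - 20))
    if pkt[9] != 6:                        # protocol 6 = TCP
        return findings
    tcp = pkt[ihl:]
    if len(tcp) < 20:
        return findings + ["truncated TCP header"]
    doff = (tcp[12] >> 4) * 4
    if doff < 20 or len(tcp) < doff:
        return findings + ["bad TCP data offset"]
    if tcp[12] & 0x0F:                     # assumed reserved: low nibble of byte 12
        findings.append("TCP reserved bits non-zero (0x%x)" % (tcp[12] & 0x0F))
    opts, i = tcp[20:doff], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            findings.append("malformed TCP option kind %d" % kind)
            break
        if kind not in KNOWN_TCP_OPTS:
            findings.append("unexpected TCP option kind %d" % kind)
        i += opts[i + 1]
    return findings

def build(ip_flags=0, tcp_reserved=0, tcp_opts=b""):
    """Constructed sample packet (documentation addresses, checksums left zero)."""
    tcp_opts += b"\x01" * (-len(tcp_opts) % 4)          # pad options with NOPs
    doff = (20 + len(tcp_opts)) // 4
    tcp = struct.pack("!HHIIBBHHH", 40000, 179, 1, 0, (doff << 4) | tcp_reserved, 0x02, 65535, 0, 0) + tcp_opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, ip_flags << 8, 64, 6, 0, b"\xc0\x00\x02\x01", b"\xc6\x33\x64\x02")
    return ip + tcp
```

This only inspects header structure; a channel that rewrites the value of an otherwise valid field, such as the timestamp low bits mentioned above, passes these checks and has to be caught by comparing traffic on either side of the device under test.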
