From: Daniel Borkmann <dborkman@redhat.com>
To: Christian Grothoff <christian@grothoff.org>
Cc: Julian Kirsch <kirschju@sec.in.tum.de>,
netdev@vger.kernel.org, Jacob Appelbaum <jacob@appelbaum.net>,
Pavel Emelyanov <xemul@parallels.com>
Subject: Re: [PATCH] TCP: Add support for TCP Stealth
Date: Fri, 02 Jan 2015 13:50:56 +0100 [thread overview]
Message-ID: <54A69430.2060800@redhat.com> (raw)
In-Reply-To: <54A56880.6040802@grothoff.org>
On 01/01/2015 04:32 PM, Christian Grothoff wrote:
...
> That approach is highly vulnerable to timing attacks, and doesn't answer
> how TCP clients without special capabilities could set the ISN correctly
> either. Playing with raw sockets is the kind of geeky hack that is
Right, for client/server side you'd need to have the capabilities and
then drop them later, which would make that approach less convenient
for user space applications (despite not having to have a port knocking
uapi in the TCP core itself). For the server, you might get away with a
central daemon spawning sockets via IPC, but for the unprivileged
client to e.g., let it set it's own ISN via setsockopt(2) would be a
bad idea.
> unlikely to give us the combination of usability and security required
> to significantly reduce the ongoing large-scale compromise of network
> equipment by spy agencies.
Out of curiosity, when you say you want to significantly reduce the
large-scale compromise of services by hiding ports, how do you solve
i) the pre-shared key distribution issue you need for your approach
(are you mostly targeting administrators for accessing their companies
router/firewall management interfaces?), and ii) the broad adoption of
this setsockopt(2) in applications? I think for ii) it would be great
not having to change and recompile every possible client _and_ server
application if they don't have the change upstreamed in their project.
It feels like a property that goes beyond the scope of a specific,
individual application, put differently, what about an additional
central configuration interface? Other than that, is there a plan for
key rotations in other words, to have a grace period for a key
transition as peers might not have synced clocks?
next prev parent reply other threads:[~2015-01-02 12:52 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-31 21:54 [PATCH] TCP: Add support for TCP Stealth Julian Kirsch
2015-01-01 15:25 ` Daniel Borkmann
2015-01-01 15:32 ` Christian Grothoff
2015-01-02 12:50 ` Daniel Borkmann [this message]
2015-01-02 14:06 ` Christian Grothoff
2015-01-01 19:06 ` Stephen Hemminger
2015-01-01 19:10 ` Stephen Hemminger
2015-01-01 23:31 ` Julian Kirsch
2015-01-02 10:36 ` Hagen Paul Pfeifer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54A69430.2060800@redhat.com \
--to=dborkman@redhat.com \
--cc=christian@grothoff.org \
--cc=jacob@appelbaum.net \
--cc=kirschju@sec.in.tum.de \
--cc=netdev@vger.kernel.org \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).