Re: RFC 3514 support?

Re: RFC 3514 support?

[Arnt Karlsen]

On Tue, 1 Apr 2003 14:54:04 -0800, 
"Daniel Chemko" <dchemko@smgtec.com> wrote in message 
<7C9884991ADAE0479C14F10C858BCDF50C6FEA@alderaan.smgtec.com>:

> http://news.com.com/2100-1001-257064.html?legacy=cnet&tag=nbs

..looks like the RFC-3514 Implementation Team has started 
the fun quicker, the 2549 team took a year or so.  ;-)

> -----Original Message-----
> From: Arnt Karlsen [mailto:arnt@c2i.net] 
> Sent: Tuesday, April 01, 2003 1:13 PM
> To: netfilter@lists.netfilter.org
> Subject: Re: RFC 3514 support?
> 
> On Tue, 1 Apr 2003 10:36:11 -0800 (PST), 
> Scott MacKay <scottmackay@yahoo.com> wrote in message 
> <20030401183611.37140.qmail@web13904.mail.yahoo.com>:
> 
> will this enhance quality of service for avian carrier 
> grade links too? (http://www.faqs.org/ftp/rfc/rfc2549.txt)
> 
> > I plan to add it into my userspace mangler, but only
> > for suspicious source IP addresses (like ones which
> > resolve with dangerous works like 'sinister')   :)
> > 
> > I also intend to shortcut some of the design for item
> > (4) by simply having a toggled bit to determine if it
> > should be on or off (thus achieving true, pure, even
> > randomness)...
> > 
> > -Scott
> > 
> > --- Bob Keyes <bob@sinister.com> wrote:
> > > I am wondering if there are any plans to support RFC
> > > 3514 in netfilter?
> > > ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt
> > > 
> > > Specifically, I'd like to tag all kazaa packets.
> > 
> > 
> > __________________________________________________
> > Do you Yahoo!?
> > Yahoo! Tax Center - File online, calculators, forms, and more
> > http://platinum.yahoo.com
> > 
> 
> 


-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.

RE: RFC 3514 support?

[Daniel Chemko]

Toggled bit randomness? Are you sure that is secure. I see a big pile of
trouble resulting from this e-bit. What about timing attacks using ebit
detection! Ack, I just got hacked by the evil bit of my own sinister
personality. Crud puppies!


-----Original Message-----
From: Scott MacKay [mailto:scottmackay@yahoo.com] 
Sent: Tuesday, April 01, 2003 10:36 AM
To: netfilter@lists.netfilter.org
Subject: Re: RFC 3514 support?

I plan to add it into my userspace mangler, but only
for suspicious source IP addresses (like ones which
resolve with dangerous works like 'sinister')   :)

I also intend to shortcut some of the design for item
(4) by simply having a toggled bit to determine if it
should be on or off (thus achieving true, pure, even
randomness)...

-Scott

--- Bob Keyes <bob@sinister.com> wrote:
> I am wondering if there are any plans to support RFC
> 3514 in netfilter?
> ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt
> 
> Specifically, I'd like to tag all kazaa packets.


__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online, calculators, forms, and more
http://platinum.yahoo.com

RE: RFC 3514 support?

[Jeremy Jones]

The problem I see with netfilter supporting this is simply demand.  Right
now there are too few applications that support it, and too few developers
willing to build it into their code.  So there's just very little interest.
Of course, if Microsoft begins to build it into their IP stack -- which
they've announced they will, IIRC, with the next service pack for Windows XP
-- things will probably change.

BTW, I think there's a patch for snort to support this rfc out there
somewhere.

Jeremy

-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Daniel Chemko
Sent: Tuesday, April 01, 2003 1:08 PM
To: Scott MacKay; netfilter@lists.netfilter.org
Subject: RE: RFC 3514 support?


Toggled bit randomness? Are you sure that is secure. I see a big pile of
trouble resulting from this e-bit. What about timing attacks using ebit
detection! Ack, I just got hacked by the evil bit of my own sinister
personality. Crud puppies!


-----Original Message-----
From: Scott MacKay [mailto:scottmackay@yahoo.com] 
Sent: Tuesday, April 01, 2003 10:36 AM
To: netfilter@lists.netfilter.org
Subject: Re: RFC 3514 support?

I plan to add it into my userspace mangler, but only
for suspicious source IP addresses (like ones which
resolve with dangerous works like 'sinister')   :)

I also intend to shortcut some of the design for item
(4) by simply having a toggled bit to determine if it
should be on or off (thus achieving true, pure, even
randomness)...

-Scott

--- Bob Keyes <bob@sinister.com> wrote:
> I am wondering if there are any plans to support RFC
> 3514 in netfilter?
> ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt
> 
> Specifically, I'd like to tag all kazaa packets.


__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online, calculators, forms, and more
http://platinum.yahoo.com

RE: RFC 3514 support?

[Jeremy Jones]

The problem I see with netfilter supporting this is simply demand.  Right
now there are too few applications that support it, and too few developers
willing to build it into their code.  So there's just very little interest.
Of course, if Microsoft begins to build it into their IP stack -- which
they've announced they will, IIRC, with the next service pack for Windows XP
-- things will probably change.

BTW, I think there's a patch for snort to support this rfc out there
somewhere.

Jeremy

-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Daniel Chemko
Sent: Tuesday, April 01, 2003 1:08 PM
To: Scott MacKay; netfilter@lists.netfilter.org
Subject: RE: RFC 3514 support?


Toggled bit randomness? Are you sure that is secure. I see a big pile of
trouble resulting from this e-bit. What about timing attacks using ebit
detection! Ack, I just got hacked by the evil bit of my own sinister
personality. Crud puppies!


-----Original Message-----
From: Scott MacKay [mailto:scottmackay@yahoo.com] 
Sent: Tuesday, April 01, 2003 10:36 AM
To: netfilter@lists.netfilter.org
Subject: Re: RFC 3514 support?

I plan to add it into my userspace mangler, but only
for suspicious source IP addresses (like ones which
resolve with dangerous works like 'sinister')   :)

I also intend to shortcut some of the design for item
(4) by simply having a toggled bit to determine if it
should be on or off (thus achieving true, pure, even
randomness)...

-Scott

--- Bob Keyes <bob@sinister.com> wrote:
> I am wondering if there are any plans to support RFC
> 3514 in netfilter?
> ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt
> 
> Specifically, I'd like to tag all kazaa packets.


__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online, calculators, forms, and more
http://platinum.yahoo.com

RFC 3514 support?

[Bob Keyes]

I am wondering if there are any plans to support RFC 3514 in netfilter?
ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt

Specifically, I'd like to tag all kazaa packets.

Re: RFC 3514 support?

[Scott MacKay]

I plan to add it into my userspace mangler, but only
for suspicious source IP addresses (like ones which
resolve with dangerous works like 'sinister')   :)

I also intend to shortcut some of the design for item
(4) by simply having a toggled bit to determine if it
should be on or off (thus achieving true, pure, even
randomness)...

-Scott

--- Bob Keyes <bob@sinister.com> wrote:
> I am wondering if there are any plans to support RFC
> 3514 in netfilter?
> ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt
> 
> Specifically, I'd like to tag all kazaa packets.


__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online, calculators, forms, and more
http://platinum.yahoo.com

Re: RFC 3514 support?

[Arnt Karlsen]

On Tue, 1 Apr 2003 10:36:11 -0800 (PST), 
Scott MacKay <scottmackay@yahoo.com> wrote in message 
<20030401183611.37140.qmail@web13904.mail.yahoo.com>:

..will this enhance quality of service for avian carrier 
grade links too? (http://www.faqs.org/ftp/rfc/rfc2549.txt)

> I plan to add it into my userspace mangler, but only
> for suspicious source IP addresses (like ones which
> resolve with dangerous works like 'sinister')   :)
> 
> I also intend to shortcut some of the design for item
> (4) by simply having a toggled bit to determine if it
> should be on or off (thus achieving true, pure, even
> randomness)...
> 
> -Scott
> 
> --- Bob Keyes <bob@sinister.com> wrote:
> > I am wondering if there are any plans to support RFC
> > 3514 in netfilter?
> > ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt
> > 
> > Specifically, I'd like to tag all kazaa packets.
> 
> 
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Tax Center - File online, calculators, forms, and more
> http://platinum.yahoo.com
> 


-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.

Re: RFC 3514 support?

[Scott MacKay]

I cannot see how that would be affected, IMHO.  The
only potential concern I would have is if someone saw
('snooping', 'tcpdumping', or 'birdwatching') the evil
bit active on an actively carried packet and 'dropped'
the carrier.  This would result in an increase in data
loss and depopulation of the carriers....

-Scott


--- Arnt Karlsen <arnt@c2i.net> wrote:
> On Tue, 1 Apr 2003 10:36:11 -0800 (PST), 
> Scott MacKay <scottmackay@yahoo.com> wrote in
> message 
>
<20030401183611.37140.qmail@web13904.mail.yahoo.com>:
> 
> ..will this enhance quality of service for avian
> carrier 
> grade links too?
> (http://www.faqs.org/ftp/rfc/rfc2549.txt)
> 
> > I plan to add it into my userspace mangler, but
> only
> > for suspicious source IP addresses (like ones
> which
> > resolve with dangerous works like 'sinister')   :)
> > 
> > I also intend to shortcut some of the design for
> item
> > (4) by simply having a toggled bit to determine if
> it
> > should be on or off (thus achieving true, pure,
> even
> > randomness)...
> > 
> > -Scott
> > 
> > --- Bob Keyes <bob@sinister.com> wrote:
> > > I am wondering if there are any plans to support
> RFC
> > > 3514 in netfilter?
> > > ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt
> > > 
> > > Specifically, I'd like to tag all kazaa packets.
> > 
> > 
> > __________________________________________________
> > Do you Yahoo!?
> > Yahoo! Tax Center - File online, calculators,
> forms, and more
> > http://platinum.yahoo.com
> > 
> 
> 
> -- 
> ..med vennlig hilsen = with Kind Regards from
> Arnt... ;-)
> ...with a number of polar bear hunters in his
> ancestry...
>   Scenarios always come in sets of three: 
>   best case, worst case, and just in case.
> 
> 
> 


__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online, calculators, forms, and more
http://platinum.yahoo.com

Re: RFC 3514 support?

[Martin Josefsson]

On Tue, 2003-04-01 at 20:12, Bob Keyes wrote:
> I am wondering if there are any plans to support RFC 3514 in netfilter?
> ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt
> 
> Specifically, I'd like to tag all kazaa packets.

Hehe, I sent patches for it to the netfilter-devel list earlier today...
You can probably get them from marc.theaimsgroup.com if you really want
them...

-- 
/Martin

Re: RFC 3514 support?

[Bob Keyes]

On 1 Apr 2003, Martin Josefsson wrote:

> On Tue, 2003-04-01 at 20:12, Bob Keyes wrote:
> > I am wondering if there are any plans to support RFC 3514 in netfilter?
> > ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt
> >
> > Specifically, I'd like to tag all kazaa packets.
>
> Hehe, I sent patches for it to the netfilter-devel list earlier today...
> You can probably get them from marc.theaimsgroup.com if you really want
> them...

Thanks martin...great job!