svn commit: r280971 - in head: contrib/ipfilter/tools share/man/man4 sys/contrib/ipfilter/netinet sys/netinet sys/netipsec sys/netpfil/pf

Robert N. M. Watson rwatson at FreeBSD.org
Fri Apr 3 10:58:41 UTC 2015


On 3 Apr 2015, at 11:41, Hans Petter Selasky <hps at selasky.org> wrote:
> On 04/03/15 11:31, Robert N. M. Watson wrote:
>>  TCP/IP covert and side channels
> 
> Hi,
> 
> Can you provide a reference to a document in the area of "TCP/IP covert and side channels" which is considered state of the art? Or is this literature not publicly available?

I'm not sure there's a recent survey article on the topic, but a keyword search of the ACM Digital Library returns 493 articles for "TCP covert channel". The second is this article by my colleague Steven Murdoch:

	http://www.cl.cam.ac.uk/~sjm217/papers/ih05coverttcp.pdf

It contains a nice introduction to the concepts and 2005 framing, but there has been significant work in this area since that was published.

Note that the goal of a stronger IP ID scheme is *not* randomness per se: it is a blend of non-predictability with maximising the interval of non-reuse of IP IDs. Simple use of a random number generator accomplishes the former adequately -- but the latter not at all, as it makes no guarantees about reuse interval -- and in fact can experience pessimal reuse intervals in normal operation. Mike Silbersack did quite a bit of work in this area in FreeBSD about a decade ago and is the person you want to talk to to understand the IP ID issue better.

However, the more fundamental issue, regardless of covert and side channels, is that we share the IP ID space across many 2-tuples. Addressing that issue would markedly improve the robustness of large UDP datagram support -- while as a side effect reducing covert and side channels far more effectively than randomisation.

Robert
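
The reuse-interval point in the message above, as an added example that is not part of the original e-mail or of FreeBSD's code: it draws 16-bit IDs purely at random, then with a rule that redraws any ID used within the last `WINDOW` packets, and reports the shortest reuse interval seen for each. `WINDOW`, `PACKETS`, the seed and the splitmix64 generator (a reproducible stand-in for a kernel random source) are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ID_SPACE 65536u   /* size of the 16-bit IP ID field */
#define WINDOW   4096u    /* assumed: an ID may not be reused within this many packets */
#define PACKETS  200000u  /* constructed workload: number of packets sent */

static uint64_t prng_state;

/* splitmix64, seeded explicitly so every run gives the same sequence. */
static uint16_t rand16(void) {
    uint64_t z = (prng_state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return (uint16_t)((z ^ (z >> 31)) >> 16);
}

/* Smallest number of packets between two uses of the same ID.
 * window == 0: pure random draws, no reuse guarantee.
 * window  > 0: redraw while the candidate was used within the last `window` packets,
 *              so IDs stay unpredictable but every reuse interval exceeds `window`. */
uint32_t min_reuse_interval(uint32_t window, uint64_t seed) {
    static uint32_t last_used[ID_SPACE];   /* packet number of last use, 0 = never used */
    uint32_t min_gap = UINT32_MAX;

    memset(last_used, 0, sizeof last_used);
    prng_state = seed;
    for (uint32_t n = 1; n <= PACKETS; n++) {
        uint16_t id;
        do {
            id = rand16();
        } while (window && last_used[id] && n - last_used[id] <= window);
        if (last_used[id] && n - last_used[id] < min_gap)
            min_gap = n - last_used[id];
        last_used[id] = n;
    }
    return min_gap;
}

int main(void) {
    printf("pure random:      min reuse interval = %u packets\n",
           min_reuse_interval(0, 1));
    printf("window of %u:   min reuse interval = %u packets\n",
           WINDOW, min_reuse_interval(WINDOW, 1));
    return 0;
}
```

The sketch keeps one ID space for all traffic; it does not model the separate point about sharing that space across many 2-tuples.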

