| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 24 Sep 2004 13:43:04 -0000 From: <raiblehugo@...mail.com> To: bugtraq@...urityfocus.com Subject: Re: ICMP spoofed source tunneling In-Reply-To: <20040922203047.GA16153@...ya.lan> >On Wed, Sep 22, 2004 at 10:06:40AM -1000, Tim Newsham wrote: >> How does this give anonymity? When sending to the server, I must use the >> servers address as a source address. When the server replies to me, it >> must use my address as a source address. > >Yes - you cannot use this in both directions: > > - In the server->client direction, the server can spoof IP source > addresses. > > - In the client->server direction, you need to use multi-level "anonymous > proxying", as used by several current P2P implementations (Gnutella for > queries, Freenet, GNUnet etc). > >The advantage of this is that the available bandwidth can be fully utilized >in the server->client direction, but at the same time the server IP address >can remain unknown to the client. With current P2P systems, server->client >proxying significantly reduces the download bandwidth. > >In practice, implementing this will be fairly complicated because you end >up re-implementing TCP over a highly asymmetric connection. I remember a discussion (in German) about this some time ago, also discussing congestion problems. See http://www.heise.de/newsticker/foren/go.shtml?read=1&msg_id=2617169&forum_id=36041 Babelfish translated: http://babelfish.altavista.com/babelfish/trurl_pagecontent?url=http%3A%2F%2Fwww.heise.de%2Fnewsticker%2Fforen%2Fgo.shtml%3Fread%3D1%26msg_id%3D2617169%26forum_id%3D36041&lp=de_en Enjoy! Hugo
Powered by blists - more mailing lists