Open Source and information security mailing list archives
 
Date:	Thu, 01 Jan 2015 16:32:16 +0100
From:	Christian Grothoff <christian@...thoff.org>
To:	Daniel Borkmann <dborkman@...hat.com>,
	Julian Kirsch <kirschju@....in.tum.de>
CC:	netdev@...r.kernel.org, Jacob Appelbaum <jacob@...elbaum.net>,
	Pavel Emelyanov <xemul@...allels.com>
Subject: Re: [PATCH] TCP: Add support for TCP Stealth

Dear Daniel,

That approach is highly vulnerable to timing attacks, and doesn't answer
how TCP clients without special capabilities could set the ISN correctly
either. Playing with raw sockets is the kind of geeky hack that is
unlikely to give us the combination of usability and security required
to significantly reduce the ongoing large-scale compromise of network
equipment by spy agencies.

Christian

On 01/01/2015 04:25 PM, Daniel Borkmann wrote:
> 
> /me wondering (haven't tried that though) ... have you considered f.e.
> building a library using a raw packet socket with a BPF filter to capture
> SYN packets and then TCP_REPAIR [1] to build a full-blown TCP socket out
> of it in case of a correct authentication from the ISN?
> 
> Thanks,
> Daniel

