lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040924134304.8403.qmail@www.securityfocus.com>
Date: 24 Sep 2004 13:43:04 -0000
From: <raiblehugo@...mail.com>
To: bugtraq@...urityfocus.com
Subject: Re: ICMP spoofed source tunneling


In-Reply-To: <20040922203047.GA16153@...ya.lan>

>On Wed, Sep 22, 2004 at 10:06:40AM -1000, Tim Newsham wrote:
>> How does this give anonymity?  When sending to the server, I must use the
>> servers address as a source address.  When the server replies to me, it
>> must use my address as a source address.
>
>Yes - you cannot use this in both directions:
>
> - In the server->client direction, the server can spoof IP source 
>   addresses.
>
> - In the client->server direction, you need to use multi-level "anonymous 
>   proxying", as used by several current P2P implementations (Gnutella for
>   queries, Freenet, GNUnet etc).
>
>The advantage of this is that the available bandwidth can be fully utilized
>in the server->client direction, but at the same time the server IP address
>can remain unknown to the client. With current P2P systems, server->client
>proxying significantly reduces the download bandwidth.
>
>In practice, implementing this will be fairly complicated because you end
>up re-implementing TCP over a highly asymmetric connection.

I remember a discussion (in German) about this some time ago, also discussing congestion problems. See http://www.heise.de/newsticker/foren/go.shtml?read=1&msg_id=2617169&forum_id=36041

Babelfish translated: http://babelfish.altavista.com/babelfish/trurl_pagecontent?url=http%3A%2F%2Fwww.heise.de%2Fnewsticker%2Fforen%2Fgo.shtml%3Fread%3D1%26msg_id%3D2617169%26forum_id%3D36041&lp=de_en

Enjoy!

Hugo


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ