lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <5373E658.2040701@sec.in.tum.de>
Date:	Wed, 14 May 2014 23:55:36 +0200
From:	Julian Kirsch <kirschju@....in.tum.de>
To:	netdev@...r.kernel.org
CC:	linux-kernel@...r.kernel.org,
	Christian Grothoff <christian@...thoff.org>
Subject: Collecting data to demonstrate TCP ISN-based port knocking

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi list,

some of you might remember the proposal of a patch which implements a
variant of port-knocking that can be used to check the authenticity of
arbitrary TCP connections and even can do integrity checking of TCP
payload data by using a pre-shared key [0]. This patch, as well as a
research paper describing its inner workings are available on
gnunet.org under the name "Knock" [1].

As Knock uses two fields in the TCP header in order to hide
information and we explicitly want to be compatible with machines
sitting in typical home networks, we need to make sure that this
information doesn't get corrupted by the majority of NAT boxes out
there. The lack of hard data on this also was one of the objections
when the patch was submitted last time. We thus created a program
which tests if Knock could work in your environment. It would be
greatly appreciated if some of you were able to execute the program on
their machines in order to help us to get an estimation of if Knock
one day could be used in a large scale.

You can find sources, binaries and a more elaborate description here:
https://gnunet.org/knock_nat_tester


Best,
Julian Kirsch

- ---
[0] https://lkml.org/lkml/2013/12/10/1155
[1] https://gnunet.org/knock
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJTc+ZUAAoJENwkOWttRRA4iicH/RLvNrlI0SCkHp25RZ1e5/8B
aBO/voua2a0Xw+F1E+60VKAv0Mm9arS1kpySkNuH+GEc2iVau6TmM7wDdZ5V7DaZ
nGpEnx6cS5mVx01qvalWtTUq2XwoVYz9x5mvaZkIt41DjsFxO/EqAyXudwCILRpJ
QMidYhpinjzfq1MgWIyOCLGmFzbUthIEtk/og9dHr8bg1r1bS8CQaQ42js7baa2n
nujp529LMHx+eHZ/f0owkmx5ssoJtpHsgVQr/kTBmAuJwELlOiToMWMCa9uCBbuB
KKjLcrQogX1OjeFPwE7r0hjckn7rQbu1f5GUIGvPV0kYlfUtmknTJ1kHW4FXJxA=
=pW9x
-----END PGP SIGNATURE-----
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ