Message-id: <D6F77554-EA69-40C0-A09C-C6EFF6572802@comsys.rwth-aachen.de>
Date: Sun, 03 Oct 2010 11:28:42 +0200
From: Alexander Zimmermann <alexander.zimmermann@...sys.rwth-aachen.de>
To: Netdev <netdev@...r.kernel.org>
Subject: Fwd: [multipathtcp] Call for contribution to middlebox survey
Hi folks,
Michio Honda from the IETF Multipath TCP WG needs some help...
Alex
Begin forwarded message:
> From: Michio Honda <micchie@....wide.ad.jp>
> Date: October 3, 2010 01:30:57 CEST
> To: Multipath TCP Mailing List <multipathtcp@...f.org>, <tcpm@...f.org>
> Cc: Mark Handley <m.handley@...ucl.ac.uk>
> Subject: [multipathtcp] Call for contribution to middlebox survey
>
> Hi,
>
> We are surveying middleboxes affecting TCP in the Internet, and we'd like you to contribute to this work by running one Python script on your available networks, because we want data from as many paths as possible.
> This script generates test TCP traffic to a server node and detects various middlebox behaviors; for example, it detects how unknown TCP options are treated and whether the sequence number is rewritten.
>
> - Overview of script
> This generates test TCP traffic by using a raw socket or pcap.
> Destinations of the test traffic are port 80, 443 and 34343 on vinson3.sfc.wide.ad.jp, which is located in Japan.
> The total amount of test traffic is approximately 90 connections (not parallel), and each of them uses approximately 2048 bytes at maximum.
>
> - System requirement
> Our script works on Mac OSX 10.5 or 10.6, Linux (kernel 2.6) and FreeBSD (7.0 or higher). This also requires Python 2.5 or higher, and libpcap.
> NOTE: if you try this in a virtual machine on Windows, please connect the guest OS via a bridge, not NAT.
>
> How to run the experiment is described below on a per-OS basis.
>
> After the experiment, you will find 3 log files (logxxxxxxxxx.txt) in the same directory as the experiment.
> Please send them to us (micchie@....wide.ad.jp) and tell me as much as you know about your network (e.g., product name of the broadband router, ISP name, product name of firewall appliance, etc.).
> In addition, let us know if you have any hesitation about opening this information.
> This experiment doesn't collect traffic information other than that generated by our script.
>
> ***** How to run the experiment (Mac OSX) *****
>
> 1. Filtering RST TCP segments from the OS
> Execute the following command as root:
> ipfw add 101 deny tcp from any to vinson3.sfc.wide.ad.jp dst-port 34343,80,443 tcpflags rst
>
> NOTE: if you are already running ipfw, please add equivalent rules
> After the experiment, you can revert by "ipfw delete 101"
>
> 2. Executing script
> Download the script from http://www.micchie.net/software/tcpexposure/for_distrib.tar.gz, and decompress it anywhere you like (e.g., tar xzf for_distrib.tar.gz on the command line)
>
> In the for_distrib directory, execute the following command as root:
> sh run-bsd2.sh
> (This will take approximately 30 min.)
>
>
> ***** How to run the experiment (Linux) *****
>
> 1. Filtering RST TCP segments from the OS
> Execute the following command as root:
> /sbin/iptables -A OUTPUT -p tcp -d vinson3.sfc.wide.ad.jp --tcp-flags RST RST -m multiport --dports 34343,80,443 -j DROP
>
> NOTE: if you are already running iptables, please add equivalent rules
> After the experiment, you can revert with the opposite command, using -D instead of -A
>
> 2. Executing script
> Download the script from http://www.micchie.net/software/tcpexposure/for_distrib.tar.gz, and decompress it anywhere you like (e.g., tar xzf for_distrib.tar.gz)
>
> In the for_distrib directory, execute the following command as root:
> sh run-linux2.sh
> (This will take approximately 30 min.)
>
>
> ***** How to run the script (FreeBSD) *****
>
> 1. Filtering RST TCP segments from the OS
> If you are using neither ipfw nor pf:
> Load the pf kernel module with the following command as root:
> kldload /boot/kernel/pf.ko
>
> Add the following 2 lines to /etc/pf.conf (please replace IFNAME with your outgoing interface name, e.g., em0):
> pass out all
> block out quick on IFNAME proto tcp to vinson3.sfc.wide.ad.jp port {34343,80,443} flags R/R
>
> Execute the following command as root:
> pfctl -e -f /etc/pf.conf
>
> If you are already running pf, please add equivalent rules
> After the experiment, you can revert settings by cleaning up /etc/pf.conf and executing "pfctl -d" by root
>
> If you are already using ipfw:
> Please add the following rule to the ipfw configuration:
> deny tcp from any to vinson3.sfc.wide.ad.jp dst-port 34343,80,443 tcpflags rst
>
> 2. Executing script
> Download the script from http://www.micchie.net/software/tcpexposure/for_distrib.tar.gz, and decompress it anywhere you like (e.g., tar xzf for_distrib.tar.gz)
>
> In the for_distrib directory, execute the following command as root:
> sh run-bsd2.sh
> (This will take approximately 30 min.)
>
>
> Best regards,
> - Michio
>
> _______________________________________________
> multipathtcp mailing list
> multipathtcp@...f.org
> https://www.ietf.org/mailman/listinfo/multipathtcp
//
// Dipl.-Inform. Alexander Zimmermann
// Department of Computer Science, Informatik 4
// RWTH Aachen University
// Ahornstr. 55, 52056 Aachen, Germany
// phone: (49-241) 80-21422, fax: (49-241) 80-22222
// email: zimmermann@...rwth-aachen.de
// web: http://www.umic-mesh.net
//
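
The forwarded message says the survey checks how unknown TCP options are treated and whether the sequence number is rewritten. The following is an added example of that kind of comparison, not code from the tcpexposure script or from either author: it parses a SYN as sent and the same SYN as seen at the far end and reports the differences. The helper names, the byte strings and the use of experimental option kind 253 are constructed for illustration.

```python
import struct

def parse_tcp(segment: bytes) -> dict:
    """Parse a raw TCP header (no IP header) into its sequence number and option list."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    hdr_len = (off_flags >> 12) * 4
    if hdr_len < 20 or hdr_len > len(segment):
        raise ValueError("bad data offset")
    opts, i, raw = [], 0, segment[20:hdr_len]
    while i < len(raw):
        kind = raw[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed option")
        opts.append((kind, raw[i + 2:i + raw[i + 1]]))
        i += raw[i + 1]
    return {"seq": seq, "options": opts}

def compare(sent: bytes, received: bytes) -> dict:
    """Report what changed between the sender's and the receiver's view of one segment."""
    s, r = parse_tcp(sent), parse_tcp(received)
    r_kinds = {k for k, _ in r["options"]}
    return {
        "seq_rewritten": s["seq"] != r["seq"],
        "seq_delta": (r["seq"] - s["seq"]) % 2**32,
        "options_removed": [k for k, _ in s["options"] if k not in r_kinds],
        "options_modified": [k for k, v in s["options"]
                             if k in r_kinds and (k, v) not in r["options"]],
    }

def build_syn(seq: int, options: bytes) -> bytes:
    """Constructed sample: SYN from port 40000 to 34343 (checksum left at 0)."""
    options += b"\x01" * (-len(options) % 4)              # pad to 32 bits with NOPs
    off_flags = ((20 + len(options)) // 4 << 12) | 0x02   # data offset + SYN flag
    return struct.pack("!HHIIHHHH", 40000, 34343, seq, 0, off_flags, 65535, 0, 0) + options

MSS = b"\x02\x04\x05\xb4"        # MSS 1460
UNKNOWN = b"\xfd\x04\xca\xfe"    # kind 253 (experimental), constructed payload
SENT = build_syn(1000, MSS + UNKNOWN)
# Constructed far-end view: ISN shifted, MSS clamped to 1400, unknown option replaced by NOPs
RECEIVED = build_syn(1000 + 0x10000, b"\x02\x04\x05\x78" + b"\x01" * 4)
```
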