Home page logo
/

nanog logo nanog mailing list archives

Re: huawei
From: Valdis.Kletnieks () vt edu
Date: Fri, 14 Jun 2013 13:51:32 -0400

On Fri, 14 Jun 2013 13:21:09 -0400, Scott Helms said:

How?  There is truly not that much room in the IP packet to play games and
if you're modifying all your traffic this would again be pretty easy to
spot.  Again, the easiest/cheapest method is that there is a backdoor there
already.

Do you actually examine your traffic and drop packets that have non-zeros
in reserved fields?  (Remember what that did to the deployment of ECN?)

And there's plenty of room if you stick a TCP or IP option header in there. Do
you actually check for those too?

How fast can you send data to a cooperating router down the way if you splat
the low 3 bits of TCP timestamps on a connection routed towards the cooperating
router? (SUre, you just busted somebody's RTT calculation, but it will just
decide it's a high-jitter path and deal with it).

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]