[163701] in North American Network Operators' Group
Re: huawei
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Jun 14 13:52:40 2013
To: Scott Helms <khelms@zcorum.com>
In-Reply-To: Your message of "Fri, 14 Jun 2013 13:21:09 -0400."
<CAMrdfRwYqcHmh0MiceD2wWnXzXPKUPFnJETU8Zbv-jzYUsnu7w@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Fri, 14 Jun 2013 13:51:32 -0400
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, 14 Jun 2013 13:21:09 -0400, Scott Helms said:
> How? There is truly not that much room in the IP packet to play games and
> if you're modifying all your traffic this would again be pretty easy to
> spot. Again, the easiest/cheapest method is that there is a backdoor there
> already.
Do you actually examine your traffic and drop packets that have non-zeros
in reserved fields? (Remember what that did to the deployment of ECN?)
And there's plenty of room if you stick a TCP or IP option header in there. Do
you actually check for those too?
How fast can you send data to a cooperating router down the way if you splat
the low 3 bits of TCP timestamps on a connection routed towards the cooperating
router? (Sure, you just busted somebody's RTT calculation, but it will just
decide it's a high-jitter path and deal with it).