[163703] in North American Network Operators' Group
Re: huawei
daemon@ATHENA.MIT.EDU (Michael Thomas)
Fri Jun 14 13:59:50 2013
Date: Fri, 14 Jun 2013 10:59:01 -0700
From: Michael Thomas <mike@mtcc.com>
To: Valdis.Kletnieks@vt.edu
In-Reply-To: <9245.1371232292@turing-police.cc.vt.edu>
Cc: NANOG <nanog@nanog.org>
On 06/14/2013 10:51 AM, Valdis.Kletnieks@vt.edu wrote:
> On Fri, 14 Jun 2013 13:21:09 -0400, Scott Helms said:
>
>> How? There is truly not that much room in the IP packet to play games and
>> if you're modifying all your traffic this would again be pretty easy to
>> spot. Again, the easiest/cheapest method is that there is a backdoor there
>> already.
> Do you actually examine your traffic and drop packets that have non-zeros
> in reserved fields? (Remember what that did to the deployment of ECN?)
>
> And there's plenty of room if you stick a TCP or IP option header in there. Do
> you actually check for those too?
>
> How fast can you send data to a cooperating router down the way if you splat
> the low 3 bits of TCP timestamps on a connection routed towards the cooperating
> router? (Sure, you just busted somebody's RTT calculation, but it will just
> decide it's a high-jitter path and deal with it).
>
Right. The asymmetry here is staggering. That's why they are hugely advantaged
aside from the staggering asymmetry in funding. The only thing that we have on
our side is that with enough eyeballs low probabilities become better, but the
military has known that problem well for centuries, I'm sure.
Mike
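
The inspection asked about in the quoted text (non-zero reserved fields, IP or TCP option headers), sketched as an added example that is not part of the original thread. The option allowlist and the `build` helper with its sample packets are constructed assumptions.

```python
import struct

# Assumed allowlist: EOL, NOP, MSS, window scale, SACK-permitted, SACK, timestamps.
KNOWN_TCP_OPTS = {0, 1, 2, 3, 4, 5, 8}

def audit_ipv4_tcp(pkt: bytes) -> list:
    """Return findings for an IPv4+TCP packet: reserved bits set, options present."""
    findings = []
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ["not an IPv4 packet"]
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 20:
        return ["truncated or malformed IPv4 header"]
    if pkt[6] & 0x80:                      # top bit of the flags/fragment word
        findings.append("IPv4 reserved flag set")
    if ihl > 20:
        findings.append("IPv4 options present (%d bytes)" % (ihl - 20))
    if pkt[9] != 6:
        return findings + ["not TCP"]
    tcp = pkt[ihl:]
    doff = (tcp[12] >> 4) * 4
    if doff < 20 or len(tcp) < doff:
        return findings + ["malformed TCP data offset"]
    if tcp[12] & 0x0F:                     # 4 reserved bits after the data offset
        findings.append("TCP reserved bits set: 0x%x" % (tcp[12] & 0x0F))
    opts, i = tcp[20:doff], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            findings.append("malformed TCP option kind %d" % kind)
            break
        if kind not in KNOWN_TCP_OPTS:
            findings.append("unexpected TCP option kind %d" % kind)
        i += opts[i + 1]
    return findings

def build(ip_flags=0x40, tcp_rsvd=0, tcp_opts=b""):
    """Constructed sample packet (checksums left zero, documentation addresses)."""
    tcp_opts += b"\x01" * (-len(tcp_opts) % 4)       # NOP-pad to a 32-bit boundary
    doff = (20 + len(tcp_opts)) // 4
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                      (doff << 4) | tcp_rsvd, 0x02, 65535, 0, 0) + tcp_opts
    ip = struct.pack("!BBHHBBBBH4s4s", 0x45, 0, 20 + len(tcp), 0, ip_flags, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + tcp
```

The timestamp low-bit modulation described in the quoted text leaves every header well-formed, so a field check like this one does not flag it.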