[36656] in bugtraq
Re: ICMP spoofed source tunneling
daemon@ATHENA.MIT.EDU (raiblehugo@hotmail.com)
Sat Sep 25 13:08:00 2004
Date: 24 Sep 2004 13:43:04 -0000
Message-ID: <20040924134304.8403.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: <raiblehugo@hotmail.com>
To: bugtraq@securityfocus.com
In-Reply-To: <20040922203047.GA16153@nenya.lan>
>On Wed, Sep 22, 2004 at 10:06:40AM -1000, Tim Newsham wrote:
>> How does this give anonymity? When sending to the server, I must use the
>> servers address as a source address. When the server replies to me, it
>> must use my address as a source address.
>
>Yes - you cannot use this in both directions:
>
> - In the server->client direction, the server can spoof IP source
> addresses.
>
> - In the client->server direction, you need to use multi-level "anonymous
> proxying", as used by several current P2P implementations (Gnutella for
> queries, Freenet, GNUnet etc).
>
>The advantage of this is that the available bandwidth can be fully utilized
>in the server->client direction, but at the same time the server IP address
>can remain unknown to the client. With current P2P systems, server->client
>proxying significantly reduces the download bandwidth.
>
>In practice, implementing this will be fairly complicated because you end
>up re-implementing TCP over a highly asymmetric connection.
I remember a discussion (in German) about this some time ago, also discussing congestion problems. See http://www.heise.de/newsticker/foren/go.shtml?read=1&msg_id=2617169&forum_id=36041
Babelfish translated: http://babelfish.altavista.com/babelfish/trurl_pagecontent?url=http%3A%2F%2Fwww.heise.de%2Fnewsticker%2Fforen%2Fgo.shtml%3Fread%3D1%26msg_id%3D2617169%26forum_id%3D36041&lp=de_en
Enjoy!
Hugo
