[32026] in bugtraq
Re: [Full-Disclosure] RE: [PAPER] Juggling with packets: floating
daemon@ATHENA.MIT.EDU (Michal Zalewski)
Wed Oct 8 17:06:01 2003
Date: Wed, 8 Oct 2003 19:53:41 +0200 (CEST)
From: Michal Zalewski <lcamtuf@ghettot.org>
Cc: full-disclosure@netsys.com
In-Reply-To: <200310081658.h98Gww709860@netsys.com>
Message-ID: <Pine.LNX.4.58.0310081949170.7809@nimue.bos.bindview.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Resent-From: Michal Zalewski <lcamtuf@coredump.cx>
Resent-To: bugtraq@securityfocus.com
On Wed, 8 Oct 2003, Alun Jones wrote:
>> A real juggler would focus on a different kind of outsourced data
> Of course, a real network engineer would remind you that you face two
> immediate problems regarding this technique:
>
> 1. [UDP] Jugglers don't usually have to deal with oranges suddenly
> disappearing in midflight, or being duplicated.
Not really; the problem is trivially solved by maintaining a redundancy of
the data. Choosing the right parameters to maintain realiability is
perhaps the only challenge here, and it depends on the environment and
the set of bounce hosts.
> 2. [TCP] Jugglers don't have to hold onto a copy of their thrown orange
> until such time as the catching hand lets them know that it's been caught.
No need to - the problem is solved by fire-and-forget + redundancy,
likening TCP to UDP; in addition, the paper proposes a method of storing
data using mechanisms such as a sustained command on the remote server,
where there is no need to resend the data on a regular basis, so even if
you use reliable TCP/IP stack, there is no need to keep any data for an
extended period of time on your end.
Cheers,
--
------------------------- bash$ :(){ :|:&};: --
Michal Zalewski * [http://lcamtuf.coredump.cx]
Did you know that clones never use mirrors?
--------------------------- 2003-10-08 19:49 --
http://lcamtuf.coredump.cx/photo/current/
