Re: ICMP spoofed source tunneling

[<raiblehugo () hotmail com>]

In-Reply-To: <20040922203047.GA16153 () nenya lan>

> On Wed, Sep 22, 2004 at 10:06:40AM -1000, Tim Newsham wrote:
> > How does this give anonymity?  When sending to the server, I must use the
> > servers address as a source address.  When the server replies to me, it
> > must use my address as a source address.
>
> Yes - you cannot use this in both directions:
>
> - In the server->client direction, the server can spoof IP source 
>   addresses.
>
> - In the client->server direction, you need to use multi-level "anonymous 
>   proxying", as used by several current P2P implementations (Gnutella for
>   queries, Freenet, GNUnet etc).
>
> The advantage of this is that the available bandwidth can be fully utilized
> in the server->client direction, but at the same time the server IP address
> can remain unknown to the client. With current P2P systems, server->client
> proxying significantly reduces the download bandwidth.
>
> In practice, implementing this will be fairly complicated because you end
> up re-implementing TCP over a highly asymmetric connection.

I remember a discussion (in German) about this some time ago, also discussing congestion problems. See 
http://www.heise.de/newsticker/foren/go.shtml?read=1&msg_id=2617169&forum_id=36041

Babelfish translated: 
http://babelfish.altavista.com/babelfish/trurl_pagecontent?url=http%3A%2F%2Fwww.heise.de%2Fnewsticker%2Fforen%2Fgo.shtml%3Fread%3D1%26msg_id%3D2617169%26forum_id%3D36041&lp=de_en

Enjoy!

Hugo