Dailydave mailing list archives

Re: Interesting call for research...


From: Gadi Evron <ge () linuxbox org>
Date: Mon, 02 May 2005 02:21:58 +0400

Dave Aitel wrote:
halvar () gmx de wrote:

http://cryptome.org/traceback.htm


I like to consider the list of things attackers can do a "To-Do" list. :>

"Research on collection should consider means and technologies to be
used in host devices in order to watermark or otherwise tag network
traffic (e.g., time perturbation, resetting protocol parameters)."

What I don't get about this is that any sensible /defender/ would reset
most of that data anyway, at the firewall.

Most of these flags would be reset... hey, we aren't trying to do covert
channel chatting, are we? :)

Nothing is as simple as this, but anything that is sent remotely and can
be manipulated along the path and/or locally is useless. Especially if
it has a long path. How far does encapsulation go? How big do packets
get? Do we send more packets for every packet? This can be DDoS fun.

Then there is the point of getting everyone to adopt the new standard.
Haven't we learned the FUSSP lessons from spam?

It's critically important research. I hope someone will be successful
(without making the Government try to take over the net with legislation).

Oh, and is everyone forgetting botnets? They make all this research
obsolete. :/

I was thinking you could set weird MTUs on all the routers, and track
packets that way. It's silly though.

Only way to truly track attacks globally is to have some pretty nifty
software running on a system like Echelon, and even then it won't get
everything and won't be automatic on most counts, no?

Ahh, as a friend of mine said, a mere $10 Million funding? Interesting.

        Gadi.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
