IPv4 Headers Investigated 347
An anonymous reader writes "New security measures are being suggested (see RFC 3514) for the IPv4 header. The measures include a bit that can be set and unset according to whether the packet is secure or not. Due to the important security implications, anyone coding client/server internet applications might want to take a look."
oh my! (Score:2)
Re:oh my! (Score:2)
Jeez (Score:5, Informative)
Re:Jeez (Score:5, Funny)
You know him. He was at your school, too.
Re:Jeez (Score:5, Funny)
Have you learned any new ones yet?
Re:Jeez (Score:3, Funny)
Hey, that was ME!!!!
Re:Jeez (Score:5, Funny)
Oh, and did you hear about the new RFC [rfc-editor.org] for new security measures in IPv4?
Re:Jeez (Score:2)
Re:Jeez (Score:3, Informative)
>You know him. He was at your school, too.
You may think that's funny, but CowboyNeal has feelings too!
What is scariest (Score:3, Funny)
Re:Jeez (Score:2, Informative)
Re:Jeez (Score:2)
Re:Jeez (Score:2)
Re:Jeez (Score:2)
he knows people get pissed off when normal stories are duped, so this is his way of saying "yeah, I know that's goin on- normally it's not intentional."
did you se the department for the igrill?
it was from the "slashvertisements" dept- a commonly used slang that people use because slashdot posts a lot of articles about cool stuff they find.
enjoy it- they are.
Re:Jeez (duplicate stories) (Score:2)
Re:Jeez (Score:2)
Sing it with me now... (Score:5, Funny)
yes it goes on and on my friends.
Ol' Taco started posting it, not knowing what it was,
And he'll continue posting it forever just because,
This is the post that doesn't end,
yes it goes on and on my friends..."
Re:Jeez (Score:2)
All funnies aside... (Score:2)
Re:uh (Score:2)
Re:uh (Score:2)
The editors are on the offence today. Dupes may be lame. Tripes and quadrupes are new though. Wonder how far Taco will take it. Here's hoping to see people complain about a decaquintupe before the day is over.
Re:uh (Score:5, Funny)
Tripes and quadrupes are new though.
I don't know about quadrupes, but they do post tripe rather frequently.
Re:Jeez (Score:5, Insightful)
Different people have different sense of humor. You are not a true slashgeek if you don't find these intentional quadrupes funny... kinda like a self-parody of Slash... ;-)
Personnally, I find this year's April fool's much better then previous years', when most stories were just senseless drivel. This year's stories are believable enough that people could fall for them (just watch some of the comments that think this quadrupe was unintentional. In my book, that's falling for it. Of course some of these comments might just have pretended to be falling for it, in order to take in people like me ;-). And there's still enough serious stories there that people cannot just blindly assume everything is a hoax either.
Re:Jeez (Score:2)
Fourth post! (Score:3, Funny)
Re:Fourth post! (Score:5, Funny)
Re:Fourth post! (Score:2)
The fifth one will be pupe!
Re:Fourth post! (Score:2)
Re:Fourth post! (Score:2)
.
Re:Fourth post! (Score:2)
Re:Fourth post! (Score:2)
(this post is a dupe too)
Wish I had known about this earlier. (Score:3, Funny)
Yay! Another Dupe! (Score:2)
I wonder, exactly, how many people submitted this story... or is CmdrTaco just making them up?
Meta-April Fools Joke (Score:3, Interesting)
Re:Meta-April Fools Joke (Score:2)
Re:Meta-April Fools Joke (Score:2)
My bet is 8.... ;-)
As a side note: I forwarded the RFC to one of the security guys up-stream from me asking what we were going to do about filtering for this, and HE sent it upstream from him....
I wonder if he even bothered to read it....
Why does that scare me?
Anticipation is making me wait (Score:5, Funny)
Re:Anticipation is making me wait (Score:5, Funny)
Re:Anticipation is making me wait (Score:2)
After the fourth posting of this same story in 24 hours, you'd hope he could get the spelling and grammar right. You'd hope.
In other news... (Score:4, Funny)
Linus has joined redhat.
Slackware is closing down.
Linux now runs on single entangled electrons at MIT
etc etc etc
And Iraq will win the war (Score:2)
Re:In other news... (Score:2)
Slackware is closing down.
Patrick is abandoning it for a superior distribution going by the name of SLS...
-- Steve
Re:In other news... (Score:2)
That would be funny.
Re:In other news... (Score:2)
> "Microsoft has released..."
Only in the U.S. corporations are considered to be actual people. Until this is fixed (ha) the least you can do is not refer to them as such.
Re:Looks familiar (Score:2)
Hmm, makes you wonder if the grand-parent was karma-whoring or being ironic (by posting a "comment dupe")...
fruit loops (Score:2)
CmdrTaco Impersonator? (Score:2)
IPv6 (Score:2)
Related news... (Score:5, Funny)
This is something I think they'd be very interested in.
Errr? 4 times now? (Score:2)
Only one thing left to do. (Score:2)
too bad the site is slashdotted! (Score:2)
Cute. Actually the fifth time this has been posted (Score:2)
http://slashdot.org
http://slashdot.org/article.p l?sid=03/04/01/133217 &mode=thread&tid=95
http://slashdot.org/article.p l?sid=03/04/01/143420 9&mode=thread&tid=95&tid=172
http://slashdot.org/ article.pl?sid=03/04/01/144023 0&mode=thread&tid=172
Nice April Fool's Day joke. Blah.
Re:Cute. Actually the fifth time this has been pos (Score:2)
http://slashdot.org/article.pl?sid=03/04/01/02182 2 6&mode=thread&tid=172&tid=156
http://slashdot.org/article.pl?sid=03/04/01/133217 &mode=thread&tid=95
http://slashdot.org/article.p l?sid=03/04/01/133217 &mode=thread&tid=95
http://slashdot.org/article.pl?sid=03/04/01/1434 20 9&mode=thread&tid=95&tid=172
http://slashdot.org/ article.pl?sid=03/04/01/144023 0&mode=thread&tid=172
Someone got excited and duped his dupe co
Re:Cute. Actually the fifth time this has been pos (Score:2)
Re:Cute. Actually the fifth time this has been pos (Score:2)
It has to be said (Score:5, Funny)
wait... (Score:2)
What do Nessus and ISS do? (Score:2)
So.....
Do tools like Nessus and ISS Set or Clear the evil bit?
Quade post (Score:2)
Rent a sense of humor (Score:2, Insightful)
What is the thing that we bitch most about? Dupes. What are the /. crowd doing? Posting dupes. Duh.
It's quite funny but it ceases to be funny if it needs to be explained. So just go away and don't read /. today, k? thx!
And in case you missed it... (Score:2)
Heh, and I loved the overview of the flags in the protocol.
Sure we can grasp that complexity?
That's IT! (Score:2)
Oh and Happy April Fool's Day to you too. You bastage.
I Love Taco (Score:3, Informative)
ONCE MORE... (Score:2)
The Dupe of Amontillado (Score:2)
I r00lz! (Score:2)
When you duplicate a dupe ... (Score:2)
uhh (Score:2)
This is a sign... (Score:2)
from Taco's Revelations Chapter 41 verses 20-03
Yea, and thou shall see on the fourth correspondence a great many people annoucing its mighty fourthness and a great many people will know a plague has struck. The ovens shall be alit from for away with the fearsome second cereal bus of everyone and the postings shall boil over, the sky will fall, stricking on every evil bit. And thou shall know that his name is the Lord and April's Day has come to you al
Where are the April Fools posts? (Score:3, Funny)
Quad? (Score:2)
Triplicate...tripe (with thanks to whoever thought it up)
Quadruplicate... quipe? quap? el quapaqudara?
Oh my, I wonder how far I'm going to have to go with this....
Someone told taco to do this back in FEBRUARY: (Score:5, Informative)
hehe
Post gormlessness. Snicker. Repeat. (Score:2)
The Onion [theonion.com] has taken all the good ideas.
Did anyone mention... (Score:2)
just imagine... (Score:2)
it must be a slow day
And he makes it a hat trick! (Score:3, Informative)
He just doesn't care.
Now THAT is comedy.
I can't read these articles... (Score:2)
Dupe. (Score:2)
Dupe post record. 4 on the front page! gg Taco! (Score:3, Informative)
Request for Comments: 3514 AT&T Labs Research
Category: Informational 1 April 2003
The Security Flag in the IPv4 Header
Status of this Memo
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
Firewalls, packet filters, intrusion detection systems, and the like often have difficulty distinguishing between packets that have malicious intent and those that are merely unusual. We define a security flag in the IPv4 header as a means of distinguishing the two cases.
1. Introduction
Firewalls CBR03 , packet filters, intrusion detection systems, and the like often have difficulty distinguishing between packets that have malicious intent and those that are merely unusual. The problem is that making such determinations is hard. To solve this problem, we define a security flag, known as the "evil" bit, in the IPv4 RFC791 header. Benign packets have this bit set to 0; those that are used for an attack will have the bit set to 1.
1.1. Terminology
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this document, are to be interpreted as described in RFC2119
2. Syntax
The high-order bit of the IP fragment offset field is the only unused bit in the IP header. Accordingly, the selection of the bit position is not left to IANA.
The bit field is laid out as follows:
0
+-+
|E|
+-+
Currently-assigned values are defined as follows:
0x0 If the bit is set to 0, the packet has no evil intent. Hosts, network elements, etc., SHOULD assume that the packet is harmless, and SHOULD NOT take any defensive measures. (We note
that this part of the spec is already implemented by many common desktop operating systems.)
0x1 If the bit is set to 1, the packet has evil intent. Secure systems SHOULD try to defend themselves against such packets. Insecure systems MAY chose to crash, be penetrated, etc.
3. Setting the Evil Bit
There are a number of ways in which the evil bit may be set. Attack applications may use a suitable API to request that it be set. Systems that do not have other mechanisms MUST provide such an API; attack programs MUST use it.
Multi-level insecure operating systems may have special levels for attack programs; the evil bit MUST be set by default on packets emanating from programs running at such levels. However, the system MAY provide an API to allow it to be cleared for non-malicious activity by users who normally engage in attack behavior.
Fragments that by themselves are dangerous MUST have the evil bit set. If a packet with the evil bit set is fragmented by an intermediate router and the fragments themselves are not dangerous, the evil bit MUST be cleared in the fragments, and MUST be turned back on in the reassembled packet.
Intermediate systems are sometimes used to launder attack connections. Packets to such systems that are intended to be relayed to a target SHOULD have the evil bit set.
Some applications hand-craft their own packets. If these packets are part of an attack, the application MUST set the evil bit by itself.
In networks protected by firewalls, it is axiomatic that all attackers are on the outside of the firewall. Therefore, hosts inside the firewall MUST NOT set the evil bit on any packets.
Because NAT RFC3022 boxes modify packets, they SHOULD set the evil bit on such packets. "Transparent" http and email proxies SHOULD set the evil bit on their reply packets to the innocent client host.
Some hosts scan other hosts in a fashion that can alert intrusion detection systems. If the scanning is part of a benign research project, the evil bit MUST NOT be set
Maybe we need... (Score:2)
Maybe we need a duplicate story bit too...
We GET it already!! (Score:3, Informative)
Is everybody ready for the internet cleaning day?
C'mon, though really...it was funny the first time. Humorous the second, but come ON....Are you going for a record or something?
Actually, hell...it's probably a reference to something mentioned in the RFC(j)...I just haven't taken the time to read it yet.
modern methods to the rescue (Score:4, Interesting)
RFC 1315 (Score:4, Funny)
Re:RFC 1315 (Score:2)
We're up to $dupe == 4
while ("$admin" eq "CmdrTaco"){
$dupe++;
};
(just kidding Cmdr. Don't nuke my acc't)
Re:RFC 1315 (Score:2)
Re:God Dammit! (Score:2, Funny)
Re:God Dammit! (Score:5, Funny)
You don't see the pattern here?
Story
Story
Dup Evil bit
Story
Story
Dup Evil bit
It'll be pretty much like this all day, today. And people were annoyed with the plethora of Apr. 1 gags last year. The Peter Jackson/King Kong is real, afaik, as it's been in the news the prior couple days. (How did that one slip through?)
In other news:
Re:God Dammit! (Score:3, Interesting)
I kinda like The Matrix Lower Upper Decomposition, and the electro-political thriller Gaussian Elimination.
Re:God Dammit! (Score:3, Informative)
Re:Is the joke that this is a four-peat? (Score:2)
--
side note: whoa! this is a weird one
Is this part of april fools or is this standard operating procedure for slashdot.
Re:Is the joke that this is a four-peat? (Score:5, Insightful)
It is getting less and less funny."
Perhaps if y'all didn't act like Slashdot commited a mortal sin whenever the occasional dupe occured, Taco wouldn't have found this joke so amusing. Mmmm?
Frankly I think it's hilarious. I hope you all have learned a lesson now. Stop bitching about story dupes or this joke'll be around next year too.
Next Year? (Score:3, Funny)
Next Year? Ha!
I'm betting on tomorrow.
Re:Is the joke that this is a four-peat? (Score:2)
Ooh! New slashdot slogan time. (Score:2)
News for Nerds. Take what you're given and like it.
Slashdot
News for Nerds. Stuff that matters. Constructive criticizers can get their own damn site.
SSllaasshhddoott
IItt''ss nnoott aa dduuppee,, iitt''ss llooccaall eecchhoo..
Slashdot
If we can write this well in english, just imagine what our perl looks like.
Slashdot
What we get wrong, the hive mind fixes.
Slashdot
Driving members to kuro5hin since 1999.
No, I want more! (Score:2)
Re:Taco: (Score:2)
Re:APRIL FOOLS ALREADY!! (Score:2)
It's posts like yours that make it funny!
Re:come on guys. its boring (Score:2)
You read the articles?
Re:Oh the Humanity (Score:2)