Great Circle Associates Firewalls
(September 1996)

Subject: Re: SparcLinux/OS for a secure bastion host !
From: Darren Reed <avalon @ coombs . anu . edu . au>
Date: Mon, 16 Sep 1996 01:27:22 +1000 (EST)
To: alan @ lxorguk . ukuu . org . uk (Alan Cox)
Cc: firewalls @ GreatCircle . COM, sparclinux @ vger . rutgers . edu, bugtraq @ netspace . org

In some mail from Alan Cox, sie said:
> 
> > I don't see what point data leakage in mbuf's and ethernet frames makes.
> > That "other" data isn't going to be interpreted by anything, so you may
> > as well be tunnelling data some easier way.  Not to mention that if
> 
> Not tunnels. Consider the case when you have stuff inside your firewall
> box (network A) and a listener outside on network B (who maybe has broken
> an external unprotected customer box deliberately outside the firewall).
> 
> Now broadcasts and potentially other traffic going from internal users to
> the network A interface of the firewall box includes potentially useful data
> (rip broadcasts, telnets in from dumber configurations, ftp upload passwords).
> If you cause a regular stream of acks back to you with no data you get
> stuff on the external ethernet seeing things like
> 
> 	[EthernetHeader][IP header][TCP header][Trailing junk...]
> 
> Where trailing junk occasionally contains stuff like
> 
> "USER foo"
> "PASS bletch"
> 
> or conversations with things like a TIS proxy.

Hmmm, I had my doubts about how effective this was, until now, when your
comments made me RTFS.  Minimum first packet sizes and buffering size
rounding buffer sizes up (from odd, non-word aligned) seem to be a problem.

Have to hack some code to see how often mbuf sizes are rounded down...

I guess the interesting thing to ponder is will your router also reliably
round packet sizes up?

Darren
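The kind of check a defender can run over captured frames to spot the trailing junk Alan describes, as an added example that is not part of this thread: it reads the IPv4 total length, treats everything after the datagram as link-layer padding, and flags padding that is not all zeros. The sample frames are constructed inline (documentation addresses), and the check assumes pcap-style captures with the FCS already stripped.

```python
import struct

ETH_HDR_LEN = 14
ETH_MIN_FRAME = 60          # minimum Ethernet frame size with the FCS stripped, as pcap shows it
ETHERTYPE_IPV4 = 0x0800

def frame_padding(frame: bytes) -> bytes:
    """Return the bytes that follow the IPv4 datagram inside an Ethernet frame.

    The IP total-length field says how many bytes the datagram occupies; anything
    after it is link-layer padding, which a correct driver fills with zeros.
    """
    if len(frame) < ETH_HDR_LEN + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("only IPv4 frames are handled here")
    (total_length,) = struct.unpack("!H", frame[ETH_HDR_LEN + 2:ETH_HDR_LEN + 4])
    return frame[ETH_HDR_LEN + total_length:]

def leaked_padding(frame: bytes) -> bytes:
    """Return the padding if any byte of it is non-zero (possible leaked memory), else b''."""
    pad = frame_padding(frame)
    return pad if any(pad) else b""

def scan_frames(frames) -> list:
    """Report (frame index, suspicious padding) for every frame whose padding is not all zeros."""
    return [(i, pad) for i, f in enumerate(frames) if (pad := leaked_padding(f))]

def build_ack_frame(padding: bytes) -> bytes:
    """Constructed sample: a bare TCP ACK (no payload) padded up to the 60-byte minimum.

    'padding' stands in for whatever the driver left in the buffer; a clean driver
    would supply zeros.  Addresses are documentation ranges, not real hosts.
    """
    eth = bytes.fromhex("001122334455 66778899aabb 0800")             # dst MAC, src MAC, type
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,    # total length 40 = IP + TCP
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 21, 1000, 2000, 5 << 4, 0x10, 8192, 0, 0)  # ACK flag only
    frame = eth + ip + tcp                                             # 54 bytes, 6 short of minimum
    need = max(ETH_MIN_FRAME - len(frame), 0)
    return frame + padding.ljust(need, b"\x00")

if __name__ == "__main__":
    samples = [build_ack_frame(b""), build_ack_frame(b"PASS bletch")]
    for idx, pad in scan_frames(samples):
        print(f"frame {idx}: non-zero padding {pad!r}")
```

Run against real captures, the same scan over frames whose padding is not all zeros is how a host that recycles buffer contents into Ethernet padding shows itself on the wire.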
