The problem I see with netfilter supporting this is simply demand. Right now there are too few applications that support it, and too few developers willing to build it into their code. So there's just very little interest.

Of course, if Microsoft begins to build it into their IP stack -- which they've announced they will, IIRC, with the next service pack for Windows XP -- things will probably change.

BTW, I think there's a patch for snort to support this RFC out there somewhere.

Jeremy

-----Original Message-----
From: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx] On Behalf Of Daniel Chemko
Sent: Tuesday, April 01, 2003 1:08 PM
To: Scott MacKay; netfilter@xxxxxxxxxxxxxxxxxxx
Subject: RE: RFC 3514 support?

Toggled bit randomness? Are you sure that is secure? I see a big pile of trouble resulting from this e-bit. What about timing attacks using ebit detection! Ack, I just got hacked by the evil bit of my own sinister personality. Crud puppies!

-----Original Message-----
From: Scott MacKay [mailto:scottmackay@xxxxxxxxx]
Sent: Tuesday, April 01, 2003 10:36 AM
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: RFC 3514 support?

I plan to add it into my userspace mangler, but only for suspicious source IP addresses (like ones which resolve with dangerous words like 'sinister') :)
I also intend to shortcut some of the design for item (4) by simply having a toggled bit to determine if it should be on or off (thus achieving true, pure, even randomness)...

-Scott

--- Bob Keyes <bob@xxxxxxxxxxxx> wrote:
> I am wondering if there are any plans to support RFC
> 3514 in netfilter?
> ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt
>
> Specifically, I'd like to tag all kazaa packets.