Slashdot Mirror


RFC 3514: New Bit Defined for IPv4 Headers

RFC 3514 was just released, with a new bit definition for use in the headers of IP packets. Because there are important security implications, anyone coding internet services (on either the client or server end) should probably take a look.

44 of 259 comments

  1. It's about time! by Motherfucking+Shit · · Score: 5, Funny

    Finally, the scriptkiddie bit! Now we'll be able to drop all that pesky DDoS traffic with ease!

    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  2. I can see it now. by Renraku · · Score: 4, Funny

    The bit set to 1 indicates a pr0n site, the bit set to 0 indicates a non-pr0n site.

    --
    Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
  3. you are 2 hours early... by MarvinMouse · · Score: 3, Funny

    This is such an amazingly important invention, but you are 2 hours early on the release. No one was supposed to know that.

    Darn! You have already thwarted my evil plans yet again.

    --
    ~ kjrose
    1. Re:you are 2 hours early... by geodejo · · Score: 2, Funny

      Depends on your time zone! Last year I freaked out for a minute after reading Linus's post on April 2!

    2. Re:you are 2 hours early... by Mac+Degger · · Score: 2, Funny

      Hehe...in regards to your sig...my mom thought me and my bro were serious computer criminals when we were talking about the hacks we had on our palmpilots :)

      --
      -- Waht? Tehr's a preveiw buottn?
  4. In other news.... by VC · · Score: 4, Funny

    Microsoft have released a beowulf distro.
    Linus has joined redhat.
    Slackware is closing down.
    Linux now runs on single entangled electrons at MIT
    etc etc etc

    1. Re:In other news.... by Pseudonym · · Score: 4, Funny

      ...BSD is not dying.

      --
      sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
    2. Re:In other news.... by Mr.+Neutron · · Score: 2, Funny

      IP Over Carrier Pigeon implemented by Cringely
      Linux Kernel 2.6 to include DRM
      Slashdot becomes an MSN Featured Site
      IBM unveils first 1.0 exabyte ATAPI hard drive
      RIAA successfully lobbies for $1 tax on every MP3 file on the net

      --
      dinner: it's what's for beer
    3. Re:In other news.... by Com2Kid · · Score: 2, Funny
      • IP Over Carrier Pigeon implemented by Cringely

      Don't give him any ideas.

      • Linux Kernel 2.6 to include DRM

      [tinfoil hat]
      The way things are going, there might not be much choice. . . .
      [/tinfoil hat]

      • Slashdot becomes an MSN Featured Site

      With all the MS ads, you mean it isn't already?

      • IBM unveils first 1.0 exabyte ATAPI hard drive

      IBM is out of the hard drive business, you should read /. more often. :)

      • RIAA successfully lobbies for $1 tax on every MP3 file on the net

      I am sure they are working on it. :)
    4. Re:In other news.... by Zork+the+Almighty · · Score: 2, Funny

      Widely known value of Pi in error, actually 3.15...

      --

      In Soviet America the banks rob you!
    5. Re:In other news.... by Zork+the+Almighty · · Score: 2, Funny

      Apple to sell PCs, no longer interested in "thinking different".

      --

      In Soviet America the banks rob you!
  5. New Bit by Anonymous Coward · · Score: 1, Funny

    Hmm, a little bit of this and a little bit of that. Sounds like an old recipe from my grandma..

  6. ...and so it begins by stevens · · Score: 4, Funny

    I love April fool's day.

    Perl programmers may want to check out their beloved cpan.org site today, too. :-)

  7. Patch for Cisco IOS needed by Degrees · · Score: 4, Funny
    Now, best practices will include setting this bit for all interfaces connected to Microsoft servers and AOL users.

    It'll be the Router Admin Full Employment Act of 2003!

    ;-)

    --
    "The most sensible request of government we make is not, "Do something!" but "Quit it!""
  8. Chomping at the bit by Brett+Glass · · Score: 4, Funny

    Does the DMCA impose penalties for modifying the bit?

  9. Well... by Anonymous Coward · · Score: 1, Funny

    Since the "evil" bit *MUST* be set in attack programs, I guess that will thwart all hacker attacks!! This RFC must have been sponsored by Micro$oft... After all, Microsoft makes hackers obsolete...

  10. the evil one by initnull · · Score: 1, Funny

    So saddam is part of TCP ?

  11. 100% Correct Spam Filters Now Possible by Persnickity · · Score: 4, Funny

    Please, please, please take this wonderful advance in technology and extend it to email. Then Spam can have a new header called "Evil: Yes". Then we can leverage the same technology to do perfect Spam filtering.

    --
    - Persnickity
  12. Timing problem by jpetts · · Score: 2, Funny

    Hey: it's still before midnight where I am! I'll need to take this seriously for the next couple of hours...

    --
    Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
  13. Must remember by the_other_one · · Score: 3, Funny

    Benign packets have this bit set to 0; those that are used for an attack will have the bit set to 1.

    Note to self: Remember to set "evil" bit to 1 when launching world domination attempt.

    --
    134340: I am not a number. I am a free planet!
  14. Why computers crash, by Dr. Seuss by Mattygfunk1 · · Score: 4, Funny
    If a packet hits a pocket on a socket on a port, and the bus is interrupted at a very last resort, and the access of the memory makes your floppy disk abort, then the socket packet pocket has an error to report.

    If your cursor finds a menu item followed by a dash, and the double-clicking icon puts your Window in the trash, and your data is corrupted 'cause the index doesn't hash, then your situation's hopeless and your system's gonna crash!!

    If the label on the cable on the table at your house says the network is connected to the button on your mouse, but your packets want to tunnel to another protocol that's repeatedly rejected by the printer down the hall, and your screen is all distorted by the side effects of gauss, so your icons in the window are as wavy as a souse; then you may as well reboot and go out with a bang, 'cuz sure as I'm a poet, the sucker's gonna hang!

    When the copy of your floppy's getting sloppy in the disk, and the macro code instructions cause unnecessary risk, then you'll have to flash the memory and you'll want to RAM your ROM. Quick, turn off the computer and be sure to tell your Mom!

    Blatantly pinched from - Twisted Monkey Entertainment

    _________________
    Cheap Web Site Hosting - recommended by some worker posting on slashdot!

  15. The 128-bit strength indicator levels! by EvilNTUser · · Score: 3, Funny

    Unfortunately the RFC neglects to define what levels of evil the values of the 128-bit strength indicator map to.

    Therefore I, on behalf of the United Corp^H^H^H^H^H States government, submit that the top values should be reserved for the following:

    2^127-n
    4: Unpatriotic activity.
    3: Terrorism. For up to date definition, see www.dhs.gov
    2: Attempt to secure personal communication by encryption
    1: Circumvention of copy protection mechanisms for purposes of piracy
    0: Circumvention of copy protection mechanisms for purposes of "fair use"

    Note that the last bit is reserved to indicate whether the packet originates from a foreign country.

    --
    My Sig: SEGV
  16. I have security. by rice_burners_suck · · Score: 3, Funny
    Security implications? Bah, humbug. I have the most secure network anywhere. First of all, I use 100% wireless networking with no encryption whatsoever. I am using Windows operating systems, which are unbreakable in terms of security because nobody other than Microsoft, the most respectable organization in the world, has access to the source code, which is flawless in every way. Sharing is turned on for all drives with no passwords. As a matter of fact, there are no passwords on anything. And the computers are being kept on all the time. Private documents are stored on these computers, as are diaries, pictures, videos and other proofs of the illegal crimes my organization commits (see fine print below). As such, I firmly believe that no update to any aspect of my network needs to take place, as I am 100% safe from evil hackers and from those evil people who do not agree 100% with the viewpoints of Microsoft, the RIAA, the MPAA, AOL Time Warner, The Walt Disney Company and Saddam Hussein.



    The fine print: Aforementioned crimes are only illegal in Afghanistan and include, but are limited to, allowing women to walk around without being entirely concealed under a table cloth, teaching children how to read and write, and singing nursery rhymes.

  17. HTTP link by apankrat · · Score: 2, Funny

    Here

    Also note that it's actually based on the ideas initially developed by the HTCPCP protocol, which just turned 5 years old.

    --
    3.243F6A8885A308D313
  18. A potential hole... by russotto · · Score: 3, Funny

    An attacker can take advantage of the quantum nature of reality to set this bit to an indeterminate/combined value influenced by the nature of the observer of the packet. An observer who knows the evil nature of the sender of the packet will see the "evil" bit set to one, as it should be. However, unsuspecting observers, including firewalls and potential victims, will see the bit set to zero and be fooled.

    The inherent subtlety of this attack is revealed by considering what happens when a security expert attempts to analyze the attack. As soon as he recognizes the evil nature of the attacker, the packets appear to have the 'evil' bit set, and his firewalls start dropping the packets, depriving him of further packets for analysis. The attack is thus even more precisely targeted towards the naive than an attack on Microsoft IIS.

  19. Evil by NickisGod.com · · Score: 3, Funny

    Is it time to bring out the April Fools Day Tree yet?

    Should I start opening the April Fools Day gifts?

    Serious question: Will this bit work over Carrier Pigeon?

    And one other thought, will Windows2003Server recognize it? Oh...they'll have to release the Service Pack because anything set to 0 won't get through because of a buffer overflow extension illegal operation segfault doo-hickey.

    Any other cliches missed?

    1. Re:Evil by Caraig · · Score: 2, Funny

      Considering that carrier pigeons used to carry TCP packets are already compliant with IPv4, then I'd say that the evil bit can be set.

      Usually, it can be detected by a specially-designed packet sniffer: a freshly-washed car right beneath the carrier pigeons' flight path.

      I think a much more pressing issue would be making carrier pigeons compatible with IPv6. Perhaps if there were two pigeons, and they carried the packet on a string held between them.....

      --
      "I am an Adept of Tantric VAX."
  20. Oh geez... by sfe_software · · Score: 4, Funny
    ...it's 4/1 already...

    I liked this bit (emphasis mine):

    0x0 If the bit is set to 0, the packet has no evil intent. Hosts, network elements, etc., SHOULD assume that the packet is harmless, and SHOULD NOT take any defensive measures. (We note that this part of the spec is already implemented by many common desktop operating systems.)

    0x1 If the bit is set to 1, the packet has evil intent. Secure systems SHOULD try to defend themselves against such packets. Insecure systems MAY chose to crash, be penetrated, etc.

    --
    NGWave - Fast Sound Editor for Windows
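The posts above quote the RFC's two defined values but not where the bit lives. RFC 3514 puts it in the high-order bit of the IPv4 fragment offset field, i.e. the reserved flag, bit 0x8000 of the flags/fragment-offset word at header bytes 6-7. The following is an added example, not code from the thread or from the RFC: it parses a raw IPv4 header, reads and sets the evil bit, recomputes the RFC 791 header checksum (which any header bit flip invalidates), and applies the RFC's pass/drop rule. The `build_header` helper and its addresses are constructed sample input for this example.

```python
"""Added example: read/set RFC 3514's "evil bit" in a raw IPv4 header and
apply the RFC's filtering rule. Not taken from the thread or the RFC itself.

RFC 3514 places the bit in the high-order (reserved) bit of the 16-bit
flags/fragment-offset word, header bytes 6-7, mask 0x8000. Flipping any
header bit invalidates the header checksum, so it is recomputed here.
The sample header built below is constructed for this example."""
import struct

EVIL_BIT = 0x8000  # high-order bit of the flags + fragment-offset word


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's complement sum
    of all 16-bit words, with the checksum field itself treated as zero."""
    hdr = bytearray(header)
    hdr[10:12] = b"\x00\x00"
    if len(hdr) % 2:
        hdr.append(0)
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def checksum_ok(header: bytes) -> bool:
    """True if the checksum stored in bytes 10-11 matches the header."""
    return struct.unpack("!H", header[10:12])[0] == ipv4_checksum(header)


def evil_bit(header: bytes) -> int:
    """Return 1 if the evil (reserved) bit is set, else 0."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    flags_frag = struct.unpack("!H", header[6:8])[0]
    return 1 if flags_frag & EVIL_BIT else 0


def set_evil_bit(header: bytes, evil: bool = True) -> bytes:
    """Return a copy of the header with the evil bit set or cleared and the
    checksum recomputed, so the packet is still well-formed IPv4."""
    hdr = bytearray(header)
    flags_frag = struct.unpack("!H", hdr[6:8])[0]
    flags_frag = flags_frag | EVIL_BIT if evil else flags_frag & ~EVIL_BIT
    hdr[6:8] = struct.pack("!H", flags_frag)
    hdr[10:12] = struct.pack("!H", ipv4_checksum(hdr))
    return bytes(hdr)


def rfc3514_verdict(header: bytes) -> str:
    """The RFC's rule for security elements: bit 0 -> pass, bit 1 -> drop.
    A header with a bad checksum is dropped as ordinary IP processing would."""
    if not checksum_ok(header):
        return "drop (bad checksum)"
    return "drop (evil)" if evil_bit(header) else "pass"


def build_header(src: str, dst: str, proto: int = 6, total_len: int = 40) -> bytes:
    """Constructed 20-byte IPv4 header: IHL 5, DF set, TTL 64, no options.
    Sample input for this example only."""
    def ip(a: str) -> bytes:
        return bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, total_len, 0x1234, 0x4000, 64, proto, 0,
                      ip(src), ip(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


if __name__ == "__main__":
    benign = build_header("192.0.2.1", "198.51.100.7")
    evil = set_evil_bit(benign)
    print(rfc3514_verdict(benign), "/", rfc3514_verdict(evil))
```

The point of the thread, of course, is that no attacker sets the bit, so `rfc3514_verdict` only ever drops packets whose sender asked to be dropped. The bit is still worth knowing about as the IPv4 reserved flag: packet tools display it as such, and a set reserved bit is a common anomaly check in IDS rules, since conforming stacks never set it.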
  21. If only real life was as simple by krammit · · Score: 2, Funny

    If only it was that easy to detect evil intent in real life...

    "Sally, cross your legs! His bit is set to 'evil'!"

    On second thought...

    --
    "Watch your cornhole, bud."
  22. sex or war by lingqi · · Score: 4, Funny

    Actually I think somebody famous* established a long time ago that sex, as strange as some of its involved rituals may seem to many at times, is a better alternative to war.

    I propose that instead anything coming from or going to a .gov extension has the eBit** set.

    *note: Larry Flynt. Watch the movie.

    **I hereforth trademark this name.

    --

    My life in the land of the rising sun.

  23. Re:Must remember by Pharmboy · · Score: 2, Funny

    Note to self: Remember to set "evil" bit to 1 when launching world domination attempt.

    Which makes me think: Will the cable company terminate my account if I forget to set the evil bit when I am DDoSing someone, as a TOS violation?

    --
    Tequila: It's not just for breakfast anymore!
  24. Re:First evil comment by einhverfr · · Score: 3, Funny

    Or not a secure system. Insecure systems can choose to ignore the flag (as per RFC).

    My favorite quote of the RFC is:
    "This document defines the behavior of security elements for the 0x0 and 0x1 values of this bit. Behavior for other values of the bit may be defined only by IETF consensus [RFC2434]."

    --

    LedgerSMB: Open source Accounting/ERP
  25. What a day! by Ridge · · Score: 5, Funny

    First this and now I noticed the W3C added an addendum to HTTP 1.1:

    10.5.4.1 503.1 Slashdotted

    The server is currently unable to handle the request due to a fucking slashdotting of the server. Visit slashdot.org for potential mirrors.

  26. Re:4/1/03 by Pharmboy · · Score: 4, Funny

    I'm not being a spoilsport, but after a few years April Fools Day jokes start to seem a little formulaic and predictable.

    Well, ya they are predictable, they come every April 1....:)

    Perhaps if they just did a few random hoaxes a year, at different times, it would be a little more fun. As it is, it's kind of like acting surprised when you get socks for Christmas. And just as gratifying.

    --
    Tequila: It's not just for breakfast anymore!
  27. Hey, I recognize this security scheme! by eison · · Score: 2, Funny

    In networks protected by firewalls, it is axiomatic that all attackers are on the outside of the firewall. Therefore, hosts inside the firewall MUST NOT set the evil bit on any packets.


    Our IT group must have contributed to this RFC! Now I know exactly what to think of it... :)
    --
    is competition good, or is duplication of effort bad?
  28. Perspiring minds want to know.... by unitron · · Score: 4, Funny

    Enough about the evil bit, where are the "naughty bits"?

    --

    I see even classic Slashdot is now pretty much unusable on dial up anymore.

    1. Re:Perspiring minds want to know.... by ZorMonkey · · Score: 3, Funny
      Enough about the evil bit, where are the "naughty bits"?
      Oog. Don't sniff those packets...
  29. If we lobby hard enough by lpontiac · · Score: 2, Funny

    I bet we could get the US Congress to pass a law making it illegal to set this bit incorrectly.

  30. Re:ROFL by MrLint · · Score: 3, Funny

    How would one go about setting the evil flag bit when you use the avian transport layer?

  31. I'm not evil, I swear! by jemele · · Score: 2, Funny

    Fooled you - with my stupid bit~!

    have we forgotten that evil people often masquerade in sheep's clothing????
    stupid!
    joshua

  32. What would script-kiddy see in l337? by DJ+Rubbie · · Score: 2, Funny

    3514 translated into l337 sp34k is ESIA... Doesn't ring a bell, but Egoistic Scriptkiddy Ignoring Annihilation seems to fit...

    --
    Please direct all bug reports to /dev/null
  33. Here's yer problem... by jose+c+rivera · · Score: 3, Funny

    somebody set this thing to "Evil."

  34. another joke you probably missed in this by Imperator · · Score: 2, Funny
    6. IANA Considerations

    This document defines the behavior of security elements for the 0x0 and 0x1 values of this bit. Behavior for other values of the bit may be defined only by IETF consensus [RFC2434].
    (emphasis mine)
    --

    Gates' Law: Every 18 months, the speed of software halves.
  35. Re:ROFL by MrLint · · Score: 2, Funny

    Ya know I was thinking about my original post, and it occurred to me that Hitchcock's "The Birds" is really an archetype for evil avian transport DDoS.