New RFC Adds "Evil Bit"
Nashirak writes "This is new RFC that introduces new security measures into IPv4 header. The measures include an "evil bit" that can be set an unset according to wether the packet is evil or not."
What's this, a meta-dupe?
Yay! http://slashdot.org/article.pl?sid=03/04/01/0218226&mode=thread&tid=172&tid=156
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Looks like CmdrTaco *is* the April Fool!
God, I fucking hate April first.
Oh, very nice indeed. No really, I'd normally rip a new one for your lame April fools, but seriously, kudos!
Once again -- people just don't read before they post.
All together now .... "its a dupe"
I just heard they have a new bit at Slashdot. It's called "DupeBit" and this is the first article which got it.
Yours, Martin
I'll set that bit on every post i see today
http://slashdot.org/article.pl?sid=03/04/01/02182
Likely, this is already a repost ABOUT the repost. Still, it's always fun to pile on!
Ryan Fenton
The article it was clearly based on wasn't four topics below this.
...and that's the way the cookie crumbles.
They even manage to dupe their April Fools jokes.
My workplace's firewall blocks FTP, you insensitive clod!
Stop by my site where I write about ERP systems & more
Now users can tick if their stories are duplicates or not.
Ok. This is getting silly now... I'd really rather not have to try and guess which articles are the real ones.
maybe we can have two april the firsts now.
Slashdot - Security updates in broken english, or we'll double your karma back! ;)
So not only is it an April Fool's joke, but it's a dupe?
Punchlines are never as great the second time around.
-chris
.... all packets originating from Microsoft Windows machines?
dochood
So, how many times are you going to repeat this story today?
(8-DCS)
Yeah, but this time the bit is real evil and the entire story is even more menacing ;-)
The that waistband of the 'Daddy pants' needs to be adjusted slightly. It's obviously restricting bloodflow to the primary dupe-avoiding cortex.
I know it's been said. It shouldn't have to be said. It shouldn't have to be said again. I'm saying it again. That's because this story is here, again.
SIG: HUP
The best post duplicator around!
Cool
Rus
Cheap UK and US VPS
Christ almighty. An april's dupe. This is beyond me. By the way, the Risks list does this RFC thing really well.
virve
--
I don't mean to interrupt this thread, but has anyone seen this. It's an RFC that adds a new bit field to TCP/IP headers for packets that have malicious intent.
I haven't seen it at /. , and it's hilarious.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
"Evil! EEEEEEEEEEEvvviiiilll!!!!"
(or whatever the heck that character's name was...)
Never hit your grandmother with a shovel, for it leaves a bad impression on her mind...
Oh, if only.
I used to wonder why people heaped so much derision on CmdrTaco. He's like that annoying bastard who keeps setting the network printer to make two copies of everything as the default. Gah.
Is there anyone to explain to me if it's finally April's dupe or IP's fool??
How do I know it's not both?
...and that's the way the cookie crumbles.
A new bill requiring all pornographic material and terrorist communication to be transmitted with the "evil bit" set was proposed only hours later by a Texas representative.
This just in:
RIAA will propose a bill later this week requiring all p2p apps to use the "evil bit" as well.
- Ost
---- Sig. gone.
unfunny.
dupe.
blah blah blah.
... It's April Fools isn't it? How disappointed we all would have been if there wasn't at least one dupe today. Hell, I wouldn't be surprised to see this article pop up with several different variants ALL DAY LONG. I wouldn't be surprised if they had a dupe of every April Fools article posted today. I find it amusing that people are getting soooo worked up about it on this of all days :)
Well sod it; it's a dupe _and_ April 1st so this thread is not worth anything anyway; so:
Am I alone in the world, or is there anybody else out there that COULDN'T GIVE A FLYING F*** whether Google go for an IPO or not?
Seriously, the BB's and media are making a meal out of this AND IT HASN'T EVEN HAPPENED YET. If they do, I'm gonna have to cut myself off from society until the media bullshit has calmed down.
I trust the management will do what's right/needed for the company; and I'll leave it at that.
Any journalists reading? Please, I beg you; let's not blow this one out of all proportion.
Thanks.
I was checking out this dupe post and the advertisement was for Microsoft Visual Studio .Net. That's pretty evil. Then I got to thinking about advertising and it seems that I rarely notice those in-article advertisements. I usually only notice the top-of-page advertising. So there is something for the advertising department.
Smeghead every day of the week.
The latest version of IPv6 incorporates an evil bit, and adding one to IPv4 will allow existing IPv4 networks to become forward compatible with the new IPv6 networks. Without this, the mere existence of an "evil" bit in IPv6 may suggest to the popular imagination that IPv6 is more evil than IPv4. This would be catastrophic, as it would stall the uptake of IPv6, possibly forcing us to use IPv4 forever and preventing us from giving every molecule on the planet its own IP address. This is a good day for mankind.
If I seem short sighted, it is because I stand on the shoulders of midgets
Slashdot cleaning up their act and NOT having a dupe today would be a great april fools joke.
--
"I'm not bright. Big words confuse me. But Wanda loves me and that should be enough for you." - Cosmo
How else could it have been reposted so quickly?
It was the evil mime that gave it away.
I guess CmdrTaco was so stunned by Whitespace that he started rewriting his automatic dupe-removal routine with it!
Must be busy looking for a WhiteSpace debugger by now, time to sneak another dupe!
Fabien BERNARD.
Actually, if they posted it again, it would be kinda funny again. I think the odd number of times something is posted, it's funny. Even number of times, it's just not as good to read.
Check the download.com april first joke.
I read recently that Microsoft will set the bit to binary 1 on all new versions of Windows 2003 and XP. After embracing the new protocol, they then plan to extend the bit to two bits so that in subsequent versions it will be set to 11 or "most evil".
I know this is an April Fools day joke... but I really wish it wasn't...
Slashdot April 1st jokes used to be a lot more subtle than this.
If you have problems with dupes, simply change your setting to disable display of duplicate stories! It's hardly rocket science.
in fact dups on /. is sent with the evil bit on and is intended as a test for you guys, if you have the appropriate support for evil bit, you should not be able to see dups!
ugh... it seems that I should file a bug to report this to my OS vendor and tell them to have this feature properly supported so I won't receive any dup again...
Not even 10 hours later and a dupe? Even if it is April Fool's day... most people run a minimal 1600x1200 resolution if not higher so why can't the editors notice them ?
It's official. I'm never coming back to Slashdot. Goodbye dupes, goodbye DMCA bulls**t, goodbye NEW/Lunix talk.
Posted after 12pm and it's a duplicate! Maybe /. should consult the AprilFools man page...!
Mr. Smoove
You need to give Cmdr. Taco a break! He's got work to do and can't be expected to just break from his tasks to read /. like the rest of us!
Man...with all the bitchin' you'd think his job was to read this site on a regular basis!
Sheesh!
PLEASE! Drink MORE Coffee!
LFS. Have you built your system today?
Previous story: Can You Trust Microsoft On Security?
I KNEW they had their finger in every pie! (and some things not even pie related).
At least it's not April Trolls day...or does that happen everyday?
I like April 1 =)nm
...I already implemented the "evil bit" feature of IPv4 on my firewall, that's the reason I don't see this arti......*doh*
Our sides cannot take anymore of these hilarious gapes!
"Watch the skies, keep watching the skies"
Developers: New Whitespace-Only Programming Language
There are times you just wish you could mod a post up past 5...
... someone actually USES this bit in their hacks. That would definitely make news... >:)
I wonder how an evil bit would affect the pigeon.
_______
2B1ASK1
They're just adding two evil bits. It helps to separate script kiddies and terrorists (although it's not necessary). The other reason is to make the bitsize divisible by 2.
1) A first exclusive interview gets posted twice.
2) New scientific discoveries sound familiar.
3) 10 questions turn into 20.
4) Last interviews turn into next to last.
5) Congress is considering the first ever digital cloning ban.
6) Duplicate replies to duplicate posts get duplicate moderation.
7) The only thing not duplicated is polls (not even sure about that).
8) 1000/1 = The ratio of time it takes for moderators to discover a dupe vs. the readers.
9) 0 = The number of dupes deleted.
10) The post (God forbid) announcing its closing will probably be posted twice.
A friend of mine that works for a big sw company told me that rumors were that the network coders in that company are making some additions to the API, to not only set the "evil-bit", but also make an undocumented API call that can toggle the evil bit to minus 1 (-1). That would allow packages to avoid being caught in intrusion detection sw, firewalls etc. This is to allow authorities to monitor everything more effectively. I believe the concept of evilbit manipulation is good, for security reasons, but...
Martin Brooks / Slayer99 #linux / UIN 2178117
wow, now we are even duping the jokes. must be a slow day for news eh?
We should add a "Evil" moderation option!
+5, Evil
really, i think evil-doers will set the evil bit with pride, and that will be a real help!!
MPEG2 has one of these on the Transport Stream level called "transport_error_indicator", which you set when there's no point in transmitting a packet but you transmit it anyway.
Does anyone care to guess how many more messages will be posted that somehow mention duplicates and the evil bit?
Not just bad april fool postings, but duplicate bad april fool postings.
This april fool stuff is a stupid tradition, can we have an end to it now?
Reminds me of the joke we played on a coworker - told her that the square packets from her application were congesting the network causing the round packets not to flow as well. We suggested using a packet analyzer to see if her team could recode the application.
I don't know if this is meant to be funny or not! *screams*
Feel that power? That's mah MOUSING FINGER
President George Bush is meeting this meeting with high-level Cabinet members, Pentagon advisors, and the corpse of Dick Cheney to develop a battle plan against the so-called "Evil Bit" developed by the nefarious organization known as "IETF", White House spokesman Ari Fleischer said today.
Fleischer said "We know this IETF has RFC's, and they plan to use the RFC's against the American people". When a reporter from the New York Times (free registration all day 4/1!!) stated that the IETF was the Internet Engineering Task Force, a standards body for the Internet, Fleischer gave a slideshow depicting the IETF's True Secret Agenda: a plot against Freedom and Democracy.
When the Times reporter asked CIA director George Tenet about the slideshow, Tenet exclaimed
The President will address the nation this evening at 8:00 p.m. on all major networks.
"I think all foreigners should stop interfering in the internal affairs of Iraq"
-- Paul Wolfowitz, 7/21/2003
Click and Clack demonstrate the proper technique. Arms at the ready!
it's not going to stop until you wise up, no it's not going to stop. so just give up.
"Multi-level insecure operating systems may have special levels for attack programs; the evil bit MUST be set by default on packets emanating from programs running at such levels. However, the system MAY provide an API to allow it to be cleared for non-malicious activity by users who normally engage in attack behavior."
A slight against M$ perhaps...
And my other fav was: "In networks protected by firewalls, it is axiomatic that all attackers are on the outside of the firewall. Therefore, hosts inside the firewall MUST NOT set the evil bit on any packets."
Esp considering how many people actually believe the second quote.
Sig 'em boy!
Yes, it is a dupe - no doubt. But why so fast, the old story is still on the FRONT page. In fact it is ONLY 3 stories below this one.
Ahem, long live the slashdot editors that provide us constantly with interesting stuff to read! The latest trend is to post old stories as often as possible so that we do not need to scroll down the front page. Long live!!!
I was all set to add a new traffic definition in my COPS server, but then it occurred to me - it is impractical to implement a QoS recognition for evil without also taking into account evil's opposite. Therefore, I feel I must postpone network reconfiguration until someone invents a stupid bit.
What people need to realize is the sheer opportunity presented by the evil bit! Particularly when used in conjunction with the new Whitespace Programming Language ! Sending an html-based email to your boss laced with WPL and the evil bit set will cause his computer to download all your pr0n for you, as well as send the memo to the finance office to process your raise with haste.
However, the only problem I've come across with setting the evil bit deals with products from a certain Redmond, Washington software development company. Apparently, when the evil bit is set, it negates all the security holes inherent in the OS from this company, and it becomes rock solid secure.
Go figure...
Whew! This water sure is cold!
Cisco plans to introduce their new "evil router". This new fiber channel router will give special priority to packets known to be truly evil. Special discounts for those installing new networks for their "death star" or "hollowed out volcanos".
Today is a gift. Save the receipt.
"Here's your problem: Someone set this thing to Evil!"
Learn to read first.... www.eteckonline.com
Computers
Yo Taco,
Since this article was posted twice, does it make it a sticky bit?
>> Practice Safe Hex
... because it has the evil bit set. Had you installed
the RFC update already, you wouldn't even have seen it!
That download.com story should have included this program, the best program ever written in that category.
"Semper in excretum set alta variant"
Young women should avoid setting this bit to evil if they are using an Apple computer!
One young teenager apparently set this bit and immediately fell into a coma. Her family's only warning that this had happened was when seven dwarves burst into the house and carried her off in a glass coffin.
Her parents were visibly upset.
"They seemed quite chipper while they carried our daughter off," cried the teen's mother. "They were whistling quite enthusiastically while they worked."
Police are investigating the incident. Representatives from Disney have already contacted the family for the movie rights.
Whew! This water sure is cold!
A section was inadvertently left out of the RFC.
The Evil bit MUST be set on duplicate slashdot posts.
'ta
however, I'm going to sit back and wait for the 'Naughty Bit'.
"There's your problem. Somebody set this doll to evil!"
Robots are everywhere, and they eat old people's medicine for fuel.
In the early 90s, an April fools joke was passed through Usenet from a guy claiming to have patented null terminated strings. Anyone still have a copy of this or know where to find it?
Ok, so it's april fool's day... but 2 spelling mistakes in a 2 sentence joke?
It seems not all packets that pass through ports:
137
138
139
are marked as "evil". How can that be correct?
This
Has there ever been a triple post on slashdot?
I've been a fricken Evil Packet for thirty fricken years throw me a fricken bit...
A bit isn't evil. It's semi-evil...quasi-evil.
When packets come with laser beams on their head then maybe I'll pay attn.
Is this a line from the upcoming 4th movie? :)
-m
http://www.invisik.com
"In the still of the night, I accepted another dupe. Oh how I love, love to post, promise you'll never post the most, in the still of the night. Shoo dupe dupe du dupe, shoo dupe dupe de waah!"
-Adam
"The best laid plans of mice and men gang oft agley..." - ROBERT BURNS
I am Evil Homer, I am Evil Homer!
I am Evil Homer, I am Evil Homer!
Manipulate the moderator system! Mod someone as "overrated" today.
To quote Abraham Simpson:
"Evil, I tells ya! EEEEEEEEEEEvvviiiilll!!!!"
(Score: -1, Stupid)
Mirrow
On a brighter note, at least our networking products won't have to be rewritten... Caffeine... Where the heck is the caffeine?...
Quadgoatboy
Well done Taco,
Subtle, yet funny.
Last.fm - join the social music revolution
Yay!
I mean, really! It's no longer a funny joke.
I'm going to sit back and post dupes of comments from the duped story and collect duplicitous karma.
Network Working Group                                  S. Bellovin
Request for Comments: 3514                      AT&T Labs Research
Category: Informational                               1 April 2003
The Security Flag in the IPv4 Header
Status of this Memo
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
Firewalls, packet filters, intrusion detection systems, and the like often have difficulty distinguishing between packets that have malicious intent and those that are merely unusual. We define a security flag in the IPv4 header as a means of distinguishing the two cases.
1. Introduction
Firewalls [CBR03], packet filters, intrusion detection systems, and the like often have difficulty distinguishing between packets that have malicious intent and those that are merely unusual. The problem is that making such determinations is hard. To solve this problem, we define a security flag, known as the "evil" bit, in the IPv4 [RFC791] header. Benign packets have this bit set to 0; those that are used for an attack will have the bit set to 1.
1.1. Terminology
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this document, are to be interpreted as described in [RFC2119].
2. Syntax
The high-order bit of the IP fragment offset field is the only unused bit in the IP header. Accordingly, the selection of the bit position is not left to IANA.
The bit field is laid out as follows:
0
+-+
|E|
+-+
Currently-assigned values are defined as follows:
0x0 If the bit is set to 0, the packet has no evil intent. Hosts, network elements, etc., SHOULD assume that the packet is harmless, and SHOULD NOT take any defensive measures. (We note that this part of the spec is already implemented by many common desktop operating systems.)
0x1 If the bit is set to 1, the packet has evil intent. Secure systems SHOULD try to defend themselves against such packets. Insecure systems MAY chose to crash, be penetrated, etc.
3. Setting the Evil Bit
There are a number of ways in which the evil bit may be set. Attack applications may use a suitable API to request that it be set. Systems that do not have other mechanisms MUST provide such an API; attack programs MUST use it.
Multi-level insecure operating systems may have special levels for attack programs; the evil bit MUST be set by default on packets emanating from programs running at such levels. However, the system MAY provide an API to allow it to be cleared for non-malicious activity by users who normally engage in attack behavior.
Fragments that by themselves are dangerous MUST have the evil bit set. If a packet with the evil bit set is fragmented by an intermediate router and the fragments themselves are not dangerous, the evil bit MUST be cleared in the fragments, and MUST be turned back on in the reassembled packet.
Intermediate systems are sometimes used to launder attack connections. Packets to such systems that are intended to be relayed to a target SHOULD have the evil bit set.
Some applications hand-craft their own packets. If these packets are part of an attack, the application MUST set the evil bit by itself.
In networks protected by firewalls, it is axiomatic that all attackers are on the outside of the firewall. Therefore, hosts inside the firewall MUST NOT set the evil bit on any packets.
Because NAT [RFC3022] boxes modify packets, they SHOULD set the evil bit on such packets. "Transparent" http and email proxies SHOULD set the evil bit on their reply packets to the innocent client host.
Some hosts scan other hosts in a fashion that can alert intrusion detection systems. If the scanning is part of a benign research project, the evil bit MUST NOT be set
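The bit position from section 2 of the RFC text pasted above, as an added example that is not part of the original post or of the RFC: the high-order bit of the 16-bit flags/fragment-offset word (header bytes 6-7) is the bit RFC 791 reserves as zero, so a monitor can report any packet that arrives with it set. All function names, the sample headers and the addresses are constructed for illustration.

```python
import struct
from dataclasses import dataclass

EVIL_MASK = 0x8000    # high-order bit of the flags/fragment-offset word
DF_MASK = 0x4000      # Don't Fragment
MF_MASK = 0x2000      # More Fragments
OFFSET_MASK = 0x1FFF  # 13-bit fragment offset, in 8-byte units


@dataclass
class FragWord:
    evil: bool
    dont_fragment: bool
    more_fragments: bool
    offset_bytes: int


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum over the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_frag_word(packet: bytes) -> FragWord:
    """Decode bytes 6-7 of an IPv4 header after basic sanity checks."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    if ipv4_checksum(packet[:ihl * 4]) != 0:
        raise ValueError("bad header checksum")
    (word,) = struct.unpack_from("!H", packet, 6)
    return FragWord(bool(word & EVIL_MASK), bool(word & DF_MASK),
                    bool(word & MF_MASK), (word & OFFSET_MASK) * 8)


def build_header(src: str, dst: str, frag_word: int) -> bytes:
    """Constructed sample: 20-byte header, no payload, protocol 6 (TCP)."""
    def addr(s):
        return bytes(int(p) for p in s.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, frag_word,
                      64, 6, 0, addr(src), addr(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def flag_reserved_bit(packets):
    """Return indexes of packets whose reserved ("evil") bit is 1."""
    return [i for i, p in enumerate(packets) if parse_frag_word(p).evil]


# Constructed sample traffic (documentation addresses from RFC 5737).
SAMPLES = [
    build_header("192.0.2.10", "198.51.100.7", DF_MASK),              # ordinary
    build_header("192.0.2.10", "198.51.100.7", EVIL_MASK | DF_MASK),  # bit set
    build_header("192.0.2.10", "198.51.100.7", MF_MASK | 185),        # fragment
]

if __name__ == "__main__":
    for i, pkt in enumerate(SAMPLES):
        print(i, parse_frag_word(pkt))
    print("reserved bit set in packets:", flag_reserved_bit(SAMPLES))
```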
You'd think someone would notice that this article was actually posted first...
enough, this has been posted FOUR separate times so far:
http://slashdot.org/articles/03/04/01/0218226.shtml
http://slashdot.org/articles/03/04/01/133217.shtml
http://slashdot.org/articles/03/04/01/1434209.shtml
http://slashdot.org/articles/03/04/01/1440230.shtml
Come on
Ceci n'est pas un sig.
Keep your Eye on the Ball,
Your Shoulder to the Wheel,
Your Nose to the Grindstone,
Your Feet on the Ground,
Your Head on your Shoulders.
Now... try to get something DONE!
- this post brought to you by the Automated Last Post Generator...