IPv4 Headers Investigated
An anonymous reader writes "New security measures are being suggested (see RFC 3514) for the IPv4 header. The measures include a bit that can be set and unset according to whether the packet is secure or not. Due to the important security implications, anyone coding client/server internet applications might want to take a look."
Not a 4th time!
This has been a test. Had this been a real emergency, we would have fled in terror and you would not have been informed.
I've never heard of anything like this before!!! This is as crazy as Salon posting pro-war articles! I'm befuddled!
The anti-salmon
April Fool's or not, this may be a record for a duplicate... the previous story was a whole THREE entries below this one on the homepage...
At least we'll know when someone using Microsoft is snooping around ;)
Business \Busi"ness\, n.;
A scam in which all people involved perceive as beneficial...
There! I claim it in the name of the third dupe! So we've already had a dupe and a tripe, perhaps we call this...hmm, what's a good name for a fourth dupe?
This sig no verb.
Why am I always the last to know about these things. I try and keep up to date about technology matters, but I've missed out on this. I wish that I could have seen this one coming.
OK...
I can do this. I am, after all,
a superhero!
this isn't funny anymore...
Actually, I think this is getting MORE funny with each posting... :)
I wonder, exactly, how many people submitted this story... or is CmdrTaco just making them up?
Seems clear that this is going to be a running gag throughout the day. Any bets on how many total we'll have?
It's April 1st. I wonder if Taco's gonna do anything out of the ordinary today for April Fool's Day?
And why is this being posted a THIRD time?
"There is a way that seems right to a man, but its end is the way of death." Proverbs 16:25 (NKJV)
Microsoft have released a beowulf distro.
Linus has joined redhat.
Slackware is closing down.
Linux now runs on single entangled electrons at MIT
etc etc etc
For more information, click here.
Slashdot Story v4, are they gonna make the push for v6?
slashdot, the only place where the articles feel like the output of a feedback loop.
-
ping -f 255.255.255.255 # if only
that's the joke
--
the strongest word is still the word "free"
Could CmdrTaco really post 2 dups of a post he originally put up? Gotta be an April Fool's on him...
"What we have here, is a failure to communicate." - Cool Hand Luke
That it's on purpose this time. Or maybe they were all on purpose.....self-deprecating April Fool's humour.
I guess that disproves my theory that dupes are caused by different editors not reading each other's posts
Someone is gonna post that IPv6 will be implemented by year end, right? I just saw the article somewhere...
I wonder if this is a meta-April Fools dupe, because it's simply ridiculous.
I read somewhere today that there's a new RFC out regarding IP header bits--you can set and unset a particular bit to determine the packet's overall security. I haven't seen it linked anywhere yet, and I'm considering sending it in to the editors, but I can't find their address.
This is something I think they'd be very interested in.
We need a new flag implemented into the Slashdot system that will indicate whether or not the story is a dupe. It can be preset to DUPE=1 to save everyone trouble.
Enough already!
it's boring to read the same article the 4th time!
moderators, wake up !
Did anyone hear about an evil bit being added to IP headers?
"The ignorant fight to win, the wise win before they fight." -Sun Tzu
wake me up when it's over.
Never answer an anonymous letter. - Yogi Berra
What is this, the third or fourth time this same exact RFC has been posted today? Give me a break. One of Taco's friends must have written it. The whitespace-based programming language was much better.
If anyone could actually read the RFC (since it's been slashdotted multiple times and fainted from all the exertion), you'd see it only applies to TCP over carrier pigeons anyway. Who uses that anymore? Savvy network administrators run IIS with SCTP tunneled through those little cameras they put on baby whales.
I'm going to resubmit this and see if I can get it posted again.
Best. Comment. Ever. Enjoy!
and shut up already, it's not funny anymore!
-------
"In times of universal deceit, telling the truth becomes a revolutionary act."
-- George Orwell
--
side note: whoa! this is a weird one
Is this part of april fools or is this standard operating procedure for slashdot.
-
ping -f 255.255.255.255 # if only
So.....
Do tools like Nessus and ISS Set or Clear the evil bit?
LongTail SSH Brute Force analysis tool is here!
http://www.ietf.org/rfc/rfc3514.txt
Now it's funny.
That silly CmdrTaco, how funny he can be.
Let's see how many "oh my god he is sooooooo dumb" comments this yields this time.
If the last one was a Tripe this one must be a Quade! What will be the next one called?
I think the repetitive duplicate posts ARE Taco's April Fool's jokes...a bit of self-deprecating humor for his dupe reputation.
For which I'm sure they're using that Microsoft beowulf...
Worst. April Fool's day. Ever.
So how long before they update this joke to IPV6?
Sheesh, if you are going to recycle it over and over again the least someone could do is update it.
Is that there's a bunch of duplicate stories, and people can't tell if it's April Fools, or just business as usual...
What is the thing that we bitch most about? Dupes. What are the /. crowd doing? Posting dupes. Duh.
It's quite funny but it ceases to be funny if it needs to be explained. So just go away and don't read /. today, k? thx!
More Flames... Good Ole /. Admins can't count how many times they post a story..... but, all of our other ones get rejected with BS reasons... ALL HAIL /.
Heh, and I loved the overview of the flags in the protocol.
Sure we can grasp that complexity?
RMS has yet to comment on the Evil Bit. We may have to convene a conference to discuss its name change to GNU/Evil Bit.
So long, and thanks for all the Phish
Okay, I believed it.
One more time Taco. Post this just ONE MORE TIME and the penguin gets it!
Oh and Happy April Fool's Day to you too. You bastage.
I've only noticed it twice, both today, and both posted by Taco. Has he fallen asleep at the wheel?
You'll go blind.
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
This must be Taco's revenge for all the Slashdotters who have been complaining of the dupes happening the past month
Too many zeros, not enough ones
Taco Trolls the main slashdot site.
"This is the fourth time I have seen this story.
It is getting less and less funny."
Perhaps if y'all didn't act like Slashdot committed a mortal sin whenever the occasional dupe occurred, Taco wouldn't have found this joke so amusing. Mmmm?
Frankly I think it's hilarious. I hope you all have learned a lesson now. Stop bitching about story dupes or this joke'll be around next year too.
So pick one that's already been accepted, change the wording and submit it. An accepted submission looks *great* on any Geek resume.
Phemur
four posts! it is being drilled into my head that all my packets are going to have the evil bit. something tells me the evil Bert has something to do with this.
If it's done enough times it IS funny!
Well. It's funny to watch everyone groan about the re-posts at least.
--
When does the hurting stop?!?!
We can soon start cancelling these as spam.
In Soviet Russia, I ruled you
WITH FEELING
it's not going to stop until you wise up, no it's not going to stop. so just give up.
This year they decided it would be fun to combine the two things that seem to piss many readers off more than anything else by duping one 4/1 story as many times as they can.
As Will Shatner so eloquently put it, get a life!
Keep passing the open windows...
"For the love of God, Montressor!"
One line blog. I hear that they're called Twitters now.
Slashdot should link itself as the source. "Slashdot has just posted a story about a new IPv4 header bit..."
RTFRFC, mofos! According to an unpublished RFC addendum, the Evil Bit is also known as the 'Bacon Bit', used in the new USB protocol created for the George Foreman USB Grill(c).
I do have prior art, though. I created a bowl of Cap'n Crunch that interfaces via my cereal(sp.) port. Parity is determined via the 'Alpha-bit.'
third post!
... the result is obviously four, not three.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
It is a TRIPLICATE!!!
Ok Taco, you win. I will subscribe if you promise that I will NOT see the duplicates anymore.
all your bits are belong to slashdot.
--- sig moved for great justice.
that ftp.rfc-editor.org should have been slashdotted already!
Screw you guys, I'm going home.
Goddammit, muther fucker, this is getting insane. Someone go over to Cmdr Taco's desk and give him a big ol' slap across the face. He needs to be bitch slapped.
.. and second .. and third .. and fourth ..
Evil ZEN Scientist
from Taco's Revelations Chapter 41 verses 20-03
Yea, and thou shall see on the fourth correspondence a great many people announcing its mighty fourthness and a great many people will know a plague has struck. The ovens shall be alit from far away with the fearsome second cereal bus of everyone and the postings shall boil over, the sky will fall, striking on every evil bit. And thou shall know that his name is the Lord and April's Day has come to you all
"The large print giveth, and the small print taketh away" -Tom Waits
Okay I posted this because this thing has been posted 4 times and no human progress is being made! So here's a story I just thought up off the top of my head.
The Guy Down the Hall Smells Weird
By: Gizzmonic
There's this guy down the hall from where I work who smells damn weird. He's always eating peanut butter and banana sandwiches (ugh that shit is ripe) or sometimes exotic Pakistani food (smells both spicy and ripe). Luckily I don't share an office with him, but every once in awhile I have to go in there and do stuff like check the bulletin board.
Anyway, one day I was in there checking the bulletin board while this guy (let's call him 'Steve') was eating away at his sandwich. Anyway, Steve looked a little funny that day. He didn't say "hi" when I came in, but I guessed that he was engrossed in his sandwich.
Anyway so I'm looking at the bulletin board and all of a sudden I hear this growling noise. And I think to myself, "Man, Steve sure is enjoying his sandwich!" Then I feel this hot breath on my neck, and I turn around, and Steve's face looks all weird. He's drooling, and his complexion is really pale...and he yells, "MUST....HAVE...BRAINS!!!!" which causes the peanut butter and banana sandwich he was eating to drip out the side of his mouth.
So anyway, I tried to ignore him, and keep checking the bulletin board, but you know how people are. When they suddenly turn into bloodthirsty zombies after eating a diseased sandwich, you can't get them to leave you alone!
So anyway, I clubbed Steve with my coffee cup, then I deftly maneuvered towards his filing cabinet, which has a blowtorch and some other goodies in it (I work for a nonprofit). Anyway, I toasted Steve and then my boss comes and she's like, "What the hell are you doing? Now who's gonna finish the payroll?"
And I was like, "Well, he ate those damn sandwiches and turned into a zombie, what was I supposed to do?" And she was like, "Well, I see your point, but clean it up!"
I'm not gonna clean it up. The damn custodians can do that. They got an easy job anyway.
(-1, Raw and Uncut is the only way to read)
I think slashdot's april fool this year is duplicates...
man is machine
What's more useless than mod points on April 1st?
thinking that /.ers would actually RTFA. I mean, come on, this article is freaking long(compared to the usual articles), and knowing that its 01-Apr-2003. No thanks!
What, me Tweet?
Does this mean if I repeat my same witty, funny remark in the first two postings of this article, I'll get modded up to a 5 yet again?
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
Duplicate... dupe
Triplicate...tripe (with thanks to whoever thought it up)
Quadruplicate... quipe? quap? el quapaqudara?
Oh my, I wonder how far I'm going to have to go with this....
Vote monkeys into Congress. They are cheaper and more trustworthy.
God kills a kitten.
click me
it's boring to read the same article the 4th time!
You read the articles?
Fleur de Sel
Poor CmdTaco. Poor Wiggum.
If this story gets slashdotted, here's mirrors: Mirror1 Mirror2 Mirror3
I get "first post" status on the 10th copy to be posted.
--Insert catchy
Woohoo!
Anyone know if this is a repost? I think I remember hearing about this before.
I love my Foreman grill, shut up!
And i have proof!
hehe
When in doubt, parenthesize. At the very least it will let some poor schmuck bounce on the % key in vi. (Larry Wall)
This one fell off within seconds after the first time it was posted.
The Onion has taken all the good ideas.
First I thought it was a lame April fools joke, but now that it has been on Slashdot twice, it must be real.
Why isn't this security feature in the Linux kernel yet. I bet those BSD bastards are already secure!
"the Definitive Sig": Item out of stock
that author Stephen King died in a car accident?
Next time CmdrTaco posts a dupe, we will all think "thanks god, he could be worse" and just move on.
Posted within the last day on the same topic before it became a 4x dupe.
Next Year? Ha!
I'm betting on tomorrow.
Any sufficiently well-organized Government is indistinguishable from bullshit.
First Post (for the next time they post this story)!
while (sig==sig) sig=!sig;
How many more times do you think he'll post this? I'm betting on 6 times, any challengers?
----
Go canucks, habs, and sens!
AHHHHHHHHHHHHHHHHHHHHHH MY BRRAAAIN
It's melting! Stop it! Oh the humanity!
PRINT "Signature line broken."
GOTO 1
...a beowulf cluster of dupes!
it must be a slow day
At long last, we know for certain that Taco does hear our plea: "Stop with the duplicate stories already!"
:)
He just doesn't care.
Now THAT is comedy.
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
... because while I did open my firewall to pass 'evil' bits, I forgot to turn off 'stupid' bit blocking.
Everyone will start to cheer when you put on your sailin' shoes.
"This is the post that doesn't end,
yes it goes on and on my friends.
Ol' Taco started posting it, not knowing what it was,
And he'll continue posting it forever just because,
This is the post that doesn't end,
yes it goes on and on my friends..."
We tried, but someone swapped the sugar with the salt, and he spewed coffee everywhere.
Seriously: what the hell do you want? Even if something newsworthy gets submitted, it won't get posted. Slashdot is a waste of your time today. There will be no real news posted. It's this way every April 1. Just sit back and be ENTERTAINED by the stupidity of others, that's what I'm doing!
There is no reasonable defense against an idiot with an agenda
:wq
Didn't you know? Today is the day the editors basically say "we don't give a shit about you", post these stories all day, watch people complain, and then laugh and comment on how they can't believe people get angry because we know they're going to do it.
Hey, I guess it's their site. I'd be pissed if I actually had a paid subscription.
Looks like CmdrTaco *is* the April Fool!
April 1st, is now officially IPv4 Day!
Shoe's untied... IPv4!
- Danny
I'm waiting for the year that every story on the front page is the same.
Just gotta ask...
=8-)
Imagine a Beowulf cluster of this story... By the end of the day you won't have to imagine.
Hey guys, I just heard that there is a new bit introduced into the IPV4 header.. Suppose you didn't know yet?
Slashdot
News for Nerds. Take what you're given and like it.
Slashdot
News for Nerds. Stuff that matters. Constructive criticizers can get their own damn site.
SSllaasshhddoott
IItt''ss nnoott aa dduuppee,, iitt''ss llooccaall eecchhoo..
Slashdot
If we can write this well in english, just imagine what our perl looks like.
Slashdot
What we get wrong, the hive mind fixes.
Slashdot
Driving members to kuro5hin since 1999.
Your mind is squeezed by a blast of pain!
Network Working Group S. Bellovin
Request for Comments: 3514 AT&T Labs Research
Category: Informational 1 April 2003
The Security Flag in the IPv4 Header
Status of this Memo
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
Firewalls, packet filters, intrusion detection systems, and the like often have difficulty distinguishing between packets that have malicious intent and those that are merely unusual. We define a security flag in the IPv4 header as a means of distinguishing the two cases.
1. Introduction
Firewalls [CBR03], packet filters, intrusion detection systems, and the like often have difficulty distinguishing between packets that have malicious intent and those that are merely unusual. The problem is that making such determinations is hard. To solve this problem, we define a security flag, known as the "evil" bit, in the IPv4 [RFC791] header. Benign packets have this bit set to 0; those that are used for an attack will have the bit set to 1.
1.1. Terminology
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this document, are to be interpreted as described in [RFC2119].
2. Syntax
The high-order bit of the IP fragment offset field is the only unused bit in the IP header. Accordingly, the selection of the bit position is not left to IANA.
The bit field is laid out as follows:
0
+-+
|E|
+-+
Currently-assigned values are defined as follows:
0x0 If the bit is set to 0, the packet has no evil intent. Hosts, network elements, etc., SHOULD assume that the packet is harmless, and SHOULD NOT take any defensive measures. (We note that this part of the spec is already implemented by many common desktop operating systems.)
0x1 If the bit is set to 1, the packet has evil intent. Secure systems SHOULD try to defend themselves against such packets. Insecure systems MAY chose to crash, be penetrated, etc.
3. Setting the Evil Bit
There are a number of ways in which the evil bit may be set. Attack applications may use a suitable API to request that it be set. Systems that do not have other mechanisms MUST provide such an API; attack programs MUST use it.
Multi-level insecure operating systems may have special levels for attack programs; the evil bit MUST be set by default on packets emanating from programs running at such levels. However, the system MAY provide an API to allow it to be cleared for non-malicious activity by users who normally engage in attack behavior.
Fragments that by themselves are dangerous MUST have the evil bit set. If a packet with the evil bit set is fragmented by an intermediate router and the fragments themselves are not dangerous, the evil bit MUST be cleared in the fragments, and MUST be turned back on in the reassembled packet.
Intermediate systems are sometimes used to launder attack connections. Packets to such systems that are intended to be relayed to a target SHOULD have the evil bit set.
Some applications hand-craft their own packets. If these packets are part of an attack, the application MUST set the evil bit by itself.
In networks protected by firewalls, it is axiomatic that all attackers are on the outside of the firewall. Therefore, hosts inside the firewall MUST NOT set the evil bit on any packets.
Because NAT [RFC3022] boxes modify packets, they SHOULD set the evil bit on such packets. "Transparent" http and email proxies SHOULD set the evil bit on their reply packets to the innocent client host.
Some hosts scan other hosts in a fashion that can alert intrusion detection systems. If the scanning is part of a benign research project, the evil bit MUST NOT be set
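An added example, not part of the thread or of RFC 3514: the bit the quoted Syntax section describes is the high-order bit of the 16-bit flags/fragment-offset word at bytes 6-7 of the IPv4 header, which RFC 791 reserves as "must be zero". The sketch below parses that word, verifies the header checksum, and lists packets a filter would want to log; all function names are hypothetical and the sample packets are constructed with documentation addresses.

```python
import socket
import struct

# Bytes 6-7 of the IPv4 header: 3 flag bits followed by a 13-bit fragment offset.
RESERVED = 0x8000  # high-order bit; "must be zero" in RFC 791, "evil" in RFC 3514
DF = 0x4000        # Don't Fragment
MF = 0x2000        # More Fragments
OFFSET_MASK = 0x1FFF


def checksum(header: bytes) -> int:
    """Ones'-complement header checksum from RFC 791 (header length is always even)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(flags_frag: int, src="192.0.2.1", dst="198.51.100.2") -> bytes:
    """Construct a 20-byte sample header (constructed data, no payload)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, flags_frag,
                      64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_flags(packet: bytes) -> dict:
    """Decode the flags word; raise ValueError on anything that is not a sane header."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4:
        raise ValueError("not IPv4")
    hlen = ihl * 4
    if ihl < 5 or len(packet) < hlen:
        raise ValueError("bad header length")
    (flags_frag,) = struct.unpack_from("!H", packet, 6)
    return {
        "reserved": bool(flags_frag & RESERVED),
        "df": bool(flags_frag & DF),
        "mf": bool(flags_frag & MF),
        "frag_offset": (flags_frag & OFFSET_MASK) * 8,  # field counts 8-byte units
        # Summing a valid header including its checksum field yields zero.
        "checksum_ok": checksum(packet[:hlen]) == 0,
    }


def audit(packets):
    """Return (index, reason) for each packet a filter should log or drop."""
    findings = []
    for i, pkt in enumerate(packets):
        try:
            flags = parse_flags(pkt)
        except ValueError as exc:
            findings.append((i, str(exc)))
            continue
        if not flags["checksum_ok"]:
            findings.append((i, "bad header checksum"))
        elif flags["reserved"]:
            findings.append((i, "reserved flag bit set"))
    return findings


# A device that flips the bit in flight without recomputing the checksum
# produces a header that fails verification at the next hop.
_tampered = bytearray(build_header(DF))
_tampered[6] |= 0x80

SAMPLES = [
    build_header(DF),             # ordinary packet
    build_header(RESERVED | DF),  # reserved bit set, checksum valid
    build_header(MF | 185),       # first fragment boundary at 185 * 8 = 1480 bytes
    bytes(_tampered),             # bit flipped, checksum stale
    build_header(RESERVED)[:12],  # truncated capture
]

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```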
That burning sensation all around my ass sphincter tells me I've seen this somewhere before.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Lost Sheep to Shepard, you got your ears on?
...Taco must reeeeeeeally hate the ftp://ftp.rfc-editor.org server, in order to slashdot it four times in six hours.
...The story duplicates YOU!
Not sure if it had been said yet or not, so I thought I'd make the thread official.
Maybe we need a duplicate story bit too...
It's being posted a fourth time
Penguin Sausage!
god, this is getting old.
april fools day is the stupidest thing EVER.
Is everybody ready for the internet cleaning day?
C'mon, though really...it was funny the first time. Humorous the second, but come ON....Are you going for a record or something?
Actually, hell...it's probably a reference to something mentioned in the RFC(j)...I just haven't taken the time to read it yet.
There is a reason for everything. Sometimes that reason just sucks.
I'm soooooo glad this was posted yet again.. there were a few things I missed in the first three stories and my BACK button is broken.. (yes.. I've called the help desk about the broken BACK button)
chown -R us
Maybe this article is part of a hidden message of some sort. The presence of this post among the articles could mean "1", and the absence would BE A GREAT RELIEF! Please stop posting it!
Dear StrongBad,
How do you type with boxing gloves on your hands?
Sincerely,
fhqwgads
What's really funny is reading all the comments of people getting pissed off :) Way to go, Taco!
-- To gain that which is worth having, it may be necessary to lose everything else. Bernadette Devlin McAliskey
This has probably been asked numerous times but I'll ask, no, PLEAD....Can we stop with the marginally funny april fools posts? Aw screw it, I'm going to google news.
...of this
Yes, beat the horse! It had it coming!
Hey CT, how many times is this going to be posted? I know it's 4/1 but there's what, four posts so far? I half wish the RFC was real.
--
If I actually could spell I'd have spelled it right in the first place.
I just read your post after posting mine a little further down the line (Guy's, It's a joke on YOU!)
I just like that we both ended with 'Get a life'
And now, I think I'll go and try to find mine
Keep passing the open windows...
That is absolutely funny as all hell that I got modded "0, Redundant"!
:-) )
Thank you moderators, whoever you are! You helped with the joke!
(seriously, thank you! That was the reaction I was looking for!)
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
why's that a surprise?
it wasn't funny in the first place.
So we just need DRM to ensure that only proper attack and non-attack programs keep the bit set properly.
Come on Palladium!!
Evil-Bit Patches for FreeBSD (not made by me)
ftp://ftp.jurai.net/users/winter/patches/rfc3514-stable.patch
ftp://ftp.jurai.net/users/winter/patches/rfc3514.patch
ftp://ftp.jurai.net/users/winter/patches/IFF_EVIL.patch
Pulling up the 4th article on the evil bit and seeing an in-line ad for Visual Studio.NET (try it - no obligation) - God, there's gotta be a joke there somewhere...
when you can't distinguish between editor incompetence and an April Fools joke. They look oddly the same!
---------------------------- DevNull - a discernible void in the province of Saskatchewan
Looks like someone grabbed Taco and turned on his Stupid Bit.
... and this time, it's personal!
Each time a new topic is posted, the previous day's topics are searched for similar ones. If they are found, then a slashdot reviewer is notified. If not, the topic goes frontpage as is.
/.
I think it is quite simple for you guys. It will certainly raise the quality of the otherwise excellent
It must be true! ;)
Google News search: "evil bit"
You want a sig? I can get you a sig... Hell, I can get you a sig by 3 o'clock this afternoon... with nail polish.
This has been implemented in FreeBSD 5.0, according to the security mailing list. You can get a patch for -stable here:
ftp://ftp.jurai.net/users/winter/patches/rfc3514-stable.patch
There is a secure option that can be used in the IP header.
http://www.ee.siue.edu/~rwalden/networking/ipopt.html#secure
00000000 00000000 - Unclassified
11110001 00110101 - Confidential
01111000 10011010 - EFTO
10111100 01001101 - MMMM
01011110 00100110 - PROG
10101111 00010011 - Restricted
11010111 10001000 - Secret
01101011 11000101 - Top Secret
00110101 11100010 - (Reserved for future use)
10011010 11110001 - (Reserved for future use)
01001101 01111000 - (Reserved for future use)
00100100 10111101 - (Reserved for future use)
00010011 01011110 - (Reserved for future use)
10001001 10101111 - (Reserved for future use)
11000100 11010110 - (Reserved for future use)
11100010 01101011 - (Reserved for future use)
Yet it was obvious from the description:
The bit field is laid out as follows:
0
+-+
|E|
+-+
Currently-assigned values are defined as follows:
0x0 (snip)
0x1
The press release is pretty clear: "For years, in the interest of the overall health of the computer industry, we permitted the free and unfettered use of our proprietary numeric systems. However, changing marketplace conditions and the increasingly predatory practices of certain competitors now leave us with no choice but to seek compensation for the use of our numerals."
More terrifying are the implications, if you keep reading: "Because all integers and natural numbers derive from one and zero, Microsoft may, by extension, lay claim to ownership of all mathematics and logic systems, including Euclidean geometry, pulleys and levers, gravity, and the basic Newtonian principles of motion, as well as the concepts of existence and nonexistence," Yale University theoretical mathematics professor J. Edmund Lattimore said. "In other words, pretty much everything."
After all, these guys invented the Internet, right ?
Ride that dead horse! Ride 'im, boy!
I personally find the repetition humorous. It's like the Simpsons episode (Cape Feare?) where Sideshow Bob steps on the rakes over, and over, and over again. It goes from funny, to "ok, when is this going to stop", to "alright, this is pretty damned comical".
"People will be talking about this for years!" *rubs hands together*
--
Power to the Peaceful
Yeah, I also find it funny that their main April's Fools joke is about something *we* often joke about -- their dupes...
It's amazing that even the *fourth* time (where the editor hasn't updated the news item to say "Yes, it's obviously a dupe" like they use to), people are still saying "uuuhh what are the editors smoking".
Dang humorless nerds =)
Beware: In C++, your friends can see your privates!
I'm employing a Full Software Development Life Cycle Methodology (FSDLCM) with Extreme Programming to modify my TCP stack for an Evil Bit Payload Control System(EBPCS). Using the latest Rational Tools I've already made several lengthy iterations on a UML modeling with advanced design patterns including the Inactive Observer and Simpleton Factory. The enabling features of Rational Rose groupware has empowered everyone from marketing to sales and janitorial staff to participate and pool their synergism in the IT architectural process. ~
Then again....
Restore America: Dr. Ron Paul for President!
Pleeeeze...