Slashdot Mirror


Vista's TCP/IP Promises and Perils

boyko.at.netqos tips us to a new writeup on Vista's TCP/IP stack, which is called Compound TCP/IP (CTCP). From the article: "...security policy will come from a centralized source. When you get your DHCP lease, your computer will report to the stack what OS you're using, what version level, what patches, what anti-virus software that's active — all that kind of stuff. It will have the ability to restrict your network access if you have a down-level machine... We could see a lot of our customers with much higher WAN network utilization because of this new TCP/IP stack... CTCP can be enabled/disabled from the command prompt but there has been no mention of tuning parameters which leads us to ask the question: How are you supposed to configure this setting in Vista?... What worries us... is that Microsoft is basing this on packet round trip time. The round-trip time from the client side will have the server processing time in it; but the clients aren't likely going to be running CTCP at first. If you have a server-to-server backup running, for example, CTCP may think it's part of the round-trip time and it'll throw the delay window through the roof..."

8 of 183 comments

  1. Re:Article summary by complete+loony · · Score: 3, Interesting
    I read some interesting stuff that came out of Microsoft research a while ago. They worked out an algorithm for scanning the structure of an ethernet network. Every Vista box on the network will participate in scanning the ethernet topology periodically, using spoofed MAC addresses. This process can determine the logical structure of the hubs, switches and wireless networks that are between machines. Using methods like this it will be perfectly reasonable for each machine on the network to know the total bandwidth that is available. Some further reading on the new QOS features in Vista also suggests this information can be fed back into applications to allow them to change codecs or otherwise notify the user of networking issues that may be degrading application performance.

    Altogether these are some very interesting concepts, and I hope that they pan out in practice. (I too haven't tested any of this myself).

    --
    09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
  2. Re:the whole point...could happen by redelm · · Score: 3, Interesting
    ... until the Linux `dhcpcd` starts faking answers. Which will be zero-day. A bigger problem will be when the servers do encoded challenge/response à la "Treacherous Computing". As an adjudged monopolist, MS will have to be enjoined from invoking the DMCA.

  3. Re:TCP/IP stack embrace and extend? by nschubach · · Score: 1, Interesting
    but I don't remember there being any provisions for communicating things like OS type, version, or patch lists over the TCP/IP headers.
    I think that's more of the point than "security". They are using security as the buzz word to try to squeeze in more control. It's something like what's going on in the US. You must register your gun in the interest of security, etc. While it might work to keep the common man from doing something stupid, most of the people outside this scope will not be affected by it. This is a sad attempt at MS data collecting and trying to block you from getting on the Internet unless you sign over your first born and give Microsoft co-signer rights on your checkbook. One of the first tactics in war is to take out the communication lines.
    --
    Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
  4. Re:Bingo! by mpapet · · Score: 2, Interesting

    The extra effort this entails for BIG deployments of windows will be a temporary headache for a small group of sysadmins until of course they upgrade to the Microsoft server designed to handle this....

    The bigger picture is locking everything out.

    1. Reaching into the networking peripherals market to extract a tax for the privilege of connecting to a Vista PC. Give Microsoft a few cents for every device sold and no consumer will care. Microsoft can then tighten the DRM noose and increase revenue simultaneously.

    2. Making mixed computing environments harder to deploy.

    3. Each Vista PC will obviously send a unique id/signature so DRM and law enforcement knows what you are doing online all of the time. Has it happened? No. Will it happen? Yes. How do I know? Historic evidence of what other monopolies have done makes it a sure bet. Economists also have one of their very exciting graphs illustrating this as well.

    --
    http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
  5. Re:the whole point... by mandelbr0t · · Score: 3, Interesting

    Unix people will note that it has been possible to set up network rules based on OS fingerprint for some time now. PF (used by OpenBSD) has a feature which identifies what OS it is communicating with and allows you to set rules accordingly. "Building Firewalls with PF and OpenBSD" (2nd ed.) contains an example showing how to restrict the bandwidth available to machines running Windows operating systems. If Vista brings about a whole bunch of networks that refuse to talk to Linux machines, a concerted OpenBSD action (which they've been known to do in the past) could bring about a whole bunch of networks that refuse to talk to Windows machines. Of course, you'll be able to get around it by installing a patch for your Windows machine that fakes its TCP packets to look like a Linux machine ;)

    mandelbr0t

    --
    "Please describe the scientific nature of the 'whammy'" - Agent Scully
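The passive OS fingerprinting the comment above refers to is, in pf.conf, a single rule such as `pass in proto tcp from any os "Windows"` with a queue assignment, driven by the pf.os signature table. As an added example (not from the post, not PF's own code), the Go program below makes that matching step visible: it parses a small pf.os-style table, matches the fields of an incoming SYN against it, and picks a queue by OS class. The table rows, sample SYNs, queue names and the TTL rounding are this example's own simplifications, not values from a shipped pf.os file.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// SynFeatures is what a passive fingerprinter can read from one TCP SYN:
// advertised window, observed IP TTL, the DF bit, total IP length, and the
// TCP option layout in pf.os notation (M=MSS, N=NOP, W=window scale,
// S=SACK permitted, T=timestamp).
type SynFeatures struct {
	Window  int
	TTL     int
	DF      bool
	Size    int
	Options string
}

// Fingerprint is one row of a pf.os-style table:
// window:ttl:df:size:options:class:version:subtype:description
type Fingerprint struct {
	Window  string // exact value or "*"
	TTL     int    // initial TTL the OS sends with
	DF      bool
	Size    string // exact value or "*"
	Options string // a trailing "*" wildcards a token, e.g. M* is any MSS
	Class   string
}

// fingerprintTable is constructed for this example in pf.os layout; the
// rows are illustrative, not copied from a real pf.os file.
const fingerprintTable = `
65535:128:1:48:M*,N,N,S:Windows:XP::Windows XP
8192:128:1:52:M*,N,W8,N,N,S:Windows:7::Windows 7
5840:64:1:60:M*,S,T,N,W7:Linux:2.6::Linux 2.6
16384:64:1:64:M*,N,N,S,N,W0,N,N,T:OpenBSD:4.x::OpenBSD 4.x
`

func parseTable(t string) ([]Fingerprint, error) {
	var out []Fingerprint
	for _, line := range strings.Split(strings.TrimSpace(t), "\n") {
		f := strings.SplitN(line, ":", 9)
		if len(f) != 9 {
			return nil, fmt.Errorf("bad fingerprint line %q", line)
		}
		ttl, err := strconv.Atoi(f[1])
		if err != nil {
			return nil, err
		}
		out = append(out, Fingerprint{Window: f[0], TTL: ttl, DF: f[2] == "1",
			Size: f[3], Options: f[4], Class: f[5]})
	}
	return out, nil
}

// initialTTL rounds an observed TTL up to the usual initial values; this is
// a simplification of how pf recovers the sender's starting TTL.
func initialTTL(observed int) int {
	for _, t := range []int{32, 64, 128} {
		if observed <= t {
			return t
		}
	}
	return 255
}

func fieldMatch(pattern string, v int) bool {
	return pattern == "*" || pattern == strconv.Itoa(v)
}

// optionsMatch compares option layouts token by token.
func optionsMatch(pattern, got string) bool {
	p, g := strings.Split(pattern, ","), strings.Split(got, ",")
	if len(p) != len(g) {
		return false
	}
	for i := range p {
		if strings.HasSuffix(p[i], "*") {
			if !strings.HasPrefix(g[i], strings.TrimSuffix(p[i], "*")) {
				return false
			}
		} else if p[i] != g[i] {
			return false
		}
	}
	return true
}

// Classify returns the OS class of the first matching row.
func Classify(table []Fingerprint, s SynFeatures) (class string, ok bool) {
	for _, f := range table {
		if fieldMatch(f.Window, s.Window) && f.TTL == initialTTL(s.TTL) && f.DF == s.DF &&
			fieldMatch(f.Size, s.Size) && optionsMatch(f.Options, s.Options) {
			return f.Class, true
		}
	}
	return "", false
}

// QueueFor is the policy step from the book example: Windows clients get the
// constricted queue, everything else the default. Queue names are made up here.
func QueueFor(class string) string {
	if class == "Windows" {
		return "win_q"
	}
	return "std_q"
}

func main() {
	table, err := parseTable(fingerprintTable)
	if err != nil {
		panic(err)
	}
	// Constructed SYNs: an XP host twelve hops away, a Linux host, and a
	// Windows host "patched" to send Linux-looking SYNs.
	for _, s := range []SynFeatures{
		{65535, 116, true, 48, "M1460,N,N,S"},
		{5840, 52, true, 60, "M1460,S,T,N,W7"},
		{5840, 64, true, 60, "M1460,S,T,N,W7"},
	} {
		class, ok := Classify(table, s)
		fmt.Printf("%+v -> %q queue=%s matched=%v\n", s, class, QueueFor(class), ok)
	}
}
```

The third SYN in `main` is the joke at the end of the comment made concrete: the classifier only sees window, TTL, DF, size and option layout, so a Windows stack that emits Linux values for those five fields lands in the default queue.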
  6. Re:Why build it into the stack? by Creepy+Crawler · · Score: 2, Interesting

    Better yet, each registered MS Windows machine could have their own hidden, protected private key along with a public key.

    To set up what seems to be called "CTCP", all you'd do is have appended DHCP flags already allowed by the standard, with one last extra flag as a "SIGNATURE" flag, signed by the private key. All data would be in clear-text, and easily read AND changeable, BUT the signature guarantees unmodification. The MS DHCP server could verify the sig, and grant/refuse an IP address.

    Of course, there'd be many ways to attack that. One, start sending out fake DHCP requests. I'm guessing the server will have a time-out setting that will be in place. Just send out enough replies from "everyone" so that the floor/building can't connect. Next, send out dupes of requests, but with information changed. MS sig fails, denies IP.

    Law of science: For all technology, there is an equally strong opposing technology.

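The scheme sketched in the comment above, written out as an added example (not from the post and not any Microsoft code): the client appends its health report as DHCP-style option TLVs, signs the exact bytes of those options with an Ed25519 private key, and appends the signature as one more option; the server verifies against the client's public key before deciding on the lease. The option codes 224-227 (taken from the private-use range), the field names, the sample values and the grant/deny wording are all this example's assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Hypothetical option codes from the private-use range; the assignment is
// this example's own, not a registered one.
const (
	optOS        = 224
	optPatch     = 225
	optAV        = 226
	optSignature = 227
)

// Option is one DHCP option in code/length/value form.
type Option struct {
	Code  byte
	Value []byte
}

// encode serialises options as TLVs. Values over 255 bytes would need the
// long-option splitting of RFC 3396, which is deliberately not handled here.
func encode(opts []Option) ([]byte, error) {
	var b bytes.Buffer
	for _, o := range opts {
		if len(o.Value) > 255 {
			return nil, fmt.Errorf("option %d too long", o.Code)
		}
		b.WriteByte(o.Code)
		b.WriteByte(byte(len(o.Value)))
		b.Write(o.Value)
	}
	return b.Bytes(), nil
}

// decode parses TLVs, refusing truncated headers or values.
func decode(b []byte) ([]Option, error) {
	var out []Option
	for len(b) > 0 {
		if len(b) < 2 {
			return nil, errors.New("truncated option header")
		}
		code, n := b[0], int(b[1])
		if len(b) < 2+n {
			return nil, errors.New("truncated option value")
		}
		out = append(out, Option{Code: code, Value: append([]byte(nil), b[2:2+n]...)})
		b = b[2+n:]
	}
	return out, nil
}

// ClientRequest builds the health-report options and appends a SIGNATURE
// option computed over the exact bytes of the options before it.
func ClientRequest(priv ed25519.PrivateKey, os, patch, av string) ([]byte, error) {
	body, err := encode([]Option{{optOS, []byte(os)}, {optPatch, []byte(patch)}, {optAV, []byte(av)}})
	if err != nil {
		return nil, err
	}
	tail, err := encode([]Option{{optSignature, ed25519.Sign(priv, body)}})
	if err != nil {
		return nil, err
	}
	return append(body, tail...), nil
}

// ServerCheck verifies the trailing SIGNATURE option against every byte
// before it and returns the reported fields only if the signature holds.
func ServerCheck(pub ed25519.PublicKey, req []byte) (map[byte]string, error) {
	opts, err := decode(req)
	if err != nil {
		return nil, err
	}
	if len(opts) == 0 || opts[len(opts)-1].Code != optSignature {
		return nil, errors.New("no signature option")
	}
	sig := opts[len(opts)-1].Value
	signed := req[:len(req)-2-len(sig)]
	if !ed25519.Verify(pub, signed, sig) {
		return nil, errors.New("signature mismatch: options were modified")
	}
	fields := map[byte]string{}
	for _, o := range opts[:len(opts)-1] {
		fields[o.Code] = string(o.Value)
	}
	return fields, nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	req, _ := ClientRequest(priv, "Vista", "patched", "av on") // constructed sample report
	if f, err := ServerCheck(pub, req); err == nil {
		fmt.Println("grant lease:", f)
	}
	bad := append([]byte(nil), req...)
	bad[2] ^= 0xff // flip the first byte of the OS value: the "dupe with information changed"
	if _, err := ServerCheck(pub, bad); err != nil {
		fmt.Println("deny lease:", err)
	}
}
```

Two properties of this construction match the attacks the comment lists. A changed byte anywhere in the cleartext options fails verification, so the modified dupe is refused. A verbatim copy of a valid request verifies just as well, because nothing in the signed bytes ties the report to one DHCP transaction, which is why the flood of replayed requests is not something the signature alone can stop; the server's timeout is the only defence the comment has for it.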
  7. Re:Linux by tepples · · Score: 2, Interesting

    Unless things drastically change, the ISPs aren't going to give two shits about what you do on their network.

    Things are likely to drastically change.

    It would be great if ISPs started holding computer users accountable for not spreading malicious code or attaching infected machines to the network, but the fact of the matter is that day might very well never come.

    Unless the only high-speed ISP in town is "with MSN Premium". Or unless ISP A makes ISP B's implementation of "trusted" TCP a condition of peering arrangements (otherwise prepare to pay extra for transit to ISP A's customers and/or have packets deprioritized) or e-mail delivery arrangements (otherwise prepare to have e-mail from ISP B routed to ISP A customers' junk mail folders).

  8. 10 LET M$ = "Microsoft" by tepples · · Score: 2, Interesting

    AC: Which items of Paul Rogers' laundry list did twitter's comment violate? If the M$ one was the most significant, consider that M$ is a valid name for a string variable in (at least early dialects of) BASIC; a lot of people thus use M$ to imply that the world might have been a better place had Microsoft kept making languages and office software instead of branching off into operating systems.