log
asciilifeform: this, incidentally, was a proggy that doesn't even use tcp.
asciilifeform: mircea_popescu: 'g' was result of my frustration with trb's plaintext tcp
asciilifeform: nmap: 'Discovered open port 49152/tcp on 82.193.247.114' >>>>> https://archive.is/WAevR
asciilifeform: now it pings, but won't take a tcp socket.
asciilifeform: ( i could even see an argument that, e.g., rawtx eater doesn't belong in trb , and that tx ought to be injected via the ordinary tcp method. but i dun recall having this argument )
asciilifeform: Run Moar Tcp.
asciilifeform: USE MOAR TCP
asciilifeform: in other noose, https://archive.is/cgpZD >> 'This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send >1.5Tbps DDoS. Type: tcp/ack, tcp/ack+psh, tcp/syn.'
asciilifeform: 'I know when ARPANET was being developed, they were interested in physical (wires-level) robustness (i.e., in case of war) – but I’m not aware of any scholarly research going on about how to protect TCP/IP from itself.'
asciilifeform: and it was plugged into a bank of tcp to serial (yes) converters, even.
asciilifeform: Framedragger: i won't touch a tcp 'gossipd'
asciilifeform: and that (b) means either being retarded (services built on tcp, such as www and irc) or some variation on udp.
asciilifeform: (if all-comer can get a challenge, this not only makes you ddosable tcp-style, but turns your gossip net into a ddosatron weapon for any idiot who can get spoofed packets into it)
asciilifeform: tcp has no future, Framedragger .
asciilifeform: Framedragger: not only tcp, but the horse it rode in on. whole thing must burn.
asciilifeform: Framedragger: tcp is evil.
asciilifeform: syn flood is challenge enough, because tcp is braindamaged.
asciilifeform: the kind that accepts tcp conns from all-comers.
asciilifeform: trinque: 'nothing for showing up' is quite physically impossible with tcp.
asciilifeform: but they ought not to complain when 'my tcp connections are blackholing' or 'someone derived my rsa privkey using known-ciphertext attacks' etc.
asciilifeform: as an only sane possible replacement for tcp.
asciilifeform: phf: the handful of interesting aspects (single-packet friend-or-foe, no tcp) were outlined here.
asciilifeform: but it was ~always~ possible, from day1 of tcp, and this is evident to anyone with a copy of, e.g, richard stevens's 'tcp/ip illustrated'.
asciilifeform: it can also inject crapolade, into any tcp stream whatsoever. this is not a hypothetical, the actual mechanism that is actually used was recently discovered.
asciilifeform: usg can reset any and all tcp connections whenever it feels like it.
asciilifeform: tcp is evil, fundamentally because it violates the 'NEVER something-for-nothing-to-all-comers-FUCKOFFRANDOS' principle.
asciilifeform: http://btcbase.org/log/2016-08-26#1529651 << ~tcp~ is evil, and i will kill it with my own hands. at least in the sense where i killed, e.g., git.
asciilifeform: the most galling thing is the VERY NOTION of a tcp that isn't porous. because tcp breaks BOTH of the two, as i found, iron rules of network sanity: 1) NOTHING TO RANDOS FOR FREE 2) NO OPERATIONS ON UNSIGNED INPUT
asciilifeform: ments, we show that the attack is fast and reliable. On average, it takes about 40 to 60 seconds to finish and the success rate is 88% to 97%. Finally, we propose changes to both the TCP specification and implementation to eliminate the root cause of the problem.'
asciilifeform: rther, if the connection is present, such an off-path attacker can also infer the TCP sequence numbers in use, from both sides of the connection; this in turn allows the attacker to cause connection termination and perform data injection attacks. We illustrate how the attack can be leveraged to disrupt or degrade the privacy guarantees of an anonymity network such as Tor, and perform web connection hijacking. Through extensive experi
asciilifeform: 'In this paper, we report a subtle yet serious side channel vulnerability (CVE-2016-5696) introduced in a recent TCP specification. The specification is faithfully implemented in Linux kernel version 3.6 (from 2012) and beyond, and affects a wide range of devices and hosts. In a nutshell, the vulnerability allows a blind off-path attacker to infer if any two arbitrary hosts on the Internet are communicating using a TCP connection. Fu
asciilifeform: lulzily, the iturd is the only phone that reliably works here in the house (because it supports telephony over tcp, transparently, instead of being stuck with tower, ~all of which are far away / weak)
asciilifeform: 'highland communications' << tcp-over-bagpipe ?
asciilifeform: http://btcbase.org/log/2016-07-06#1497604 << of naked tcp, aha.
asciilifeform: (tcp, that massive barrel of liquishit, was designed before the discovery of luby code - or any of the subsequent 'fountain' algos)
asciilifeform: alert reader will realize that this abolishes tcp.
asciilifeform: and gossipd is considerably more general than a chat, it is to be a complete replacement for tcp/ip and packet switching as ordinarily understood.
asciilifeform: and incidentally what's packet size to do with irc, it runs on tcp.
asciilifeform: i routinely use, e.g., ida pro under 'wine' over x11 over tcp.
asciilifeform: mircea_popescu: aha, but then some bozo added tcp to it
asciilifeform: tcp over old slave banjo.
asciilifeform: i did not include the tcp module for ts either
asciilifeform: PeterL: it is supposed to be a generic cipherator for tcp tunnel
asciilifeform: i've experimented with tcp replay for testing
asciilifeform: it can run in one of two modes, '-connect' where it services a fixed list of peers, AND NOBODY ELSE (no incoming tcp)
asciilifeform: incidentally a gossipd which conducts tcp pipes would at least threaten to begin to formalize the hierarchy.
asciilifeform: anyway i'll be the last to cry for tcp.
asciilifeform: bitcoin as presently existing rides on top of tcp.
asciilifeform: the smallest known tcp stack is that swedish one
asciilifeform: adding tcp would prolly double or triple the mass, though.
asciilifeform: http://log.bitcoin-assets.com/?date=04-11-2015#1315773 << have you (or anyone else) considered writing a simple tcp proxy for this ?
asciilifeform: mircea_popescu: gotta have at least a minimal scheduler for tcp/ip
asciilifeform: iirc tcp as originally proposed had a second channel for virtual 'out of band' ! but was never used.
asciilifeform: i have a box where some sniveling fucker has been lifting payloads out of tcp, for ~9+ hours now.
asciilifeform: after which we get to write gossipd with tcp syn instead of udp
asciilifeform: mircea_popescu: if it's tcp, you are serving jam to folks for showing up
asciilifeform: to filter tcp syn vs empty udp
asciilifeform: mircea_popescu: so then you get flooded with TCP SYNs. same difference.
asciilifeform: it is relevant to having created this bizarre situation where mircea_popescu thinks that tcp somehow solves ANY of the problems discussed earlier
asciilifeform: as tcp forces.
asciilifeform: it is tcp which is the ultimate braindamage.
asciilifeform: routing tcp no-questions-asked while filtering packets that could be signature-authed without storing state is braindamaged.
asciilifeform: mircea_popescu prefers to be ddosed with tcp ?
asciilifeform: as for that one, you could, conceivably, look at sequence numbers and learn when a severely broken tcp/ip stack is in use
asciilifeform: or does it open ordinary sockets and expect a tcp stack
asciilifeform: tcp without threads?
asciilifeform sends warm hello to the nice folks at ft meade sending us tcp FIN's
asciilifeform: once a tcp socket is opened, there is two-way communication.
asciilifeform: (how tcp? over slip/rs232, of course)
asciilifeform: tor is this thing where tcp is bounced via three machines, selected by shitgnomiferous mega-turd of a client, over ssl (ditto)
asciilifeform: ~50MHz 32-bit (oddball architecture) cpu, tcp/ip implemented in hardware, can address via spi (as in sd card) external eeprom.
asciilifeform: i humbly request a copy of r. stevens's 'tcp/ip' bound in his skin.
asciilifeform: decimation: almost certainly the cheapest crystal (if any! might well have rc oscillator!) - given as the thing only works with iPnohe, which has always-on tcp
asciilifeform: it should ask for only a tcp stack and a place to park bytes in some nonvolatile way
asciilifeform: PeterL: most 'alternatives for x11' dispense with the everything-can-be-piped-over-tcp
asciilifeform: may as well also be said about tcp over lan, where no packet ought to ever drop unless the place is on fire...
asciilifeform: and tcp/ip stack...
asciilifeform: the_scourge: the 'open' in 'opengenera' is an archaic 1980s usg-ism. it simply refers to the fact that a product features industry-standard protocols like tcp/ip and does not require you to buy the entire universe you live in from one particular vendor.
asciilifeform: the telco drops anything at all coming your way that isn't part of a tcp connection you established earlier
asciilifeform: or are we to believe that a protocol carried 100% in cleartext, on unique tcp port - is not being molested ?
asciilifeform: (it uses custom tcp stack)
asciilifeform: interestingly, there is, afaik, no support for any of the spiffy bells & whistles (hardware tcp/ip, queueing, packet inspection, etc.) in any civilized os.
asciilifeform: because tcp establishes a connection
asciilifeform: mircea_popescu: nope. does not work on tcp.
asciilifeform: console can be connected to tcp or to radio set on valves
asciilifeform: you will -never- get single-packet friend-or-foe with tcp or tcp-like apparatus.
asciilifeform: artifexd: for sufficiently simple quanta, it is very easy to 'verify received' without duplicating all the cruft of tcp.
asciilifeform: tcp is hard.
asciilifeform: i wouldn't bother arguing the udp/tcp point were it not for the fact that this is not a decision that can be easily re-visited.
asciilifeform: the connection-tracking apparatus of tcp is really half the force behind the sting of 'ddos'
asciilifeform: decimation: he means, i think, generic tcp stream (vs. store-and-forward, which is more or less the only way to even begin resisting elementary traffic analysis)
asciilifeform: someone probably wonders 'wtf, why fountain code'. answer: getting rid of tcp.
asciilifeform: ;;google tcp sequence number vulnerability
asciilifeform: who recalls the tcp sequence number bugs ?
asciilifeform: decimation: in point of fact, you can get by without either tcp or the proverbial 'bad reimplementation' of it
asciilifeform: tcp-wot.
asciilifeform: people act as if tcp/ip were a moon rocket
asciilifeform: BingoBoingo: given that tcp/ip lets you fuck with ordering, that trivially parallelizes. at least, as fast as you can physically clock the bits off the wire to individual comparison registers, and then back on
asciilifeform: but instead an entity which simulates the behaviour of one where possible (in much the same way a tcp/ip telephone attempts to behave like a traditional electric telephone.)
asciilifeform: 'rewrite the tcp/ip stack so that all traffic is encrypted' << doesn't solve the problem described in the 'enforcement' article.