throbber
USENIX Association
`
`Proceedings of the
`9th USENIX Security Symposium
`
`Denver, Colorado, USA
`August 14 –17, 2000
`
`THE ADVANCED COMPUTING SYSTEMS ASSOCIATION
`
`For more information about the USENIX Association:
`All Rights Reserved
`© 2000 by The USENIX Association
`Phone: 1 510 528 8649
`FAX: 1 510 548 5738
`Email: office@usenix.org
`WWW: http://www.usenix.org
`Rights to individual papers remain with the author or the author's employer.
` Permission is granted for noncommercial reproduction of the work for educational or research purposes.
`This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein.
`
`IA1024
`
`Page 1 of 12
`
`

`

`Defeaig TC/  Sack Figeiig
`
`ahew S a G. R be aa Faa ahaia
`Dea e f Eecica Egieeig ad C  e Sciece
`Uiveiy f ichiga
`1301 Bea Ave.
`A Ab  ich. 48109 2122
`f c a aafaa g@eec. ich.ed
`
`Abac
`
`Thi ae decibe he deig ad i e ea
`i  f a TC/  ack (cid:12)gei c bbe. The
`(cid:12)gei c bbe i a ew   eic a e
` e e  abiiy  dee ie he eaig y
`e f a he h   he ew k. A wig e
`ie  bew k  be e ey caed ad cha
`aceized e  ec iy v eabiiie. Secif
`icay eaig ye ex i ca be eÆciey
`  agai a e caed ew k beca e ex i
`wi  ay y w k agai a eci(cid:12)c eaig
`ye   fwae  ig  ha af  . The
`(cid:12)gei c bbe w k a b h he ew k ad
`a  aye  c ve a big  aÆc f a
`hee gee  g  f h  i aiized acke
`ha d   evea c e ab  he h  eaig
`ye . Thi ae eva ae he ef  ace f
`a (cid:12)gei c bbe i e eed i he FeeBSD
`kee ad k a he i iai  f hi a ach.
`
`1 Decii 
`
`TC/  ack (cid:12)geiig i he  ce f de
`e iig he ideiy f a e e h   eaig
`ye by aayzig acke f ha h . Feey
`avaiabe    ch a  a [3] ad  e [15]
`exi  ca TC/  ack eÆciey by  icky
` achig  ey e  agai a daabae f k w
` eaig ye . The ea  hi i caed \(cid:12)ge
`iig" i heef e bvi ; hi  ce i i i
`a  ideifyig a k w e  by akig hi
`  he i e (cid:12)gei ad (cid:12)dig a ach i
`a daabae f k w (cid:12)gei. The di(cid:11)eece
`i ha i ea (cid:12)geiig aw ef ce e age
`cie e (cid:12)geiig  ack d w  eced ci
`ia;
`i c  e ew kig  eia aacke
`
`ca e (cid:12)geiig   icky ceae a i f a
`ge.
`
`We ag e ha (cid:12)geiig   ca be ed  aid
` c   e i hei ae   beak i
`  di  c  e ye . A e ca b id  a
` (cid:12)e f  addee ad c e dig eaig
`ye  f  ae aack.  a ca ca a  be
`w k f 254 h  i y a few ec d  i ca
`be e   ca vey  wy i.e. ve day. Thee
`e  ca be c ied ve week  h ad
`c ve age  i  f a ew k. Whe  e e
`dic ve a ew ex i f  a eci(cid:12)c eaig y
`e  i i i e f  a aacke  geeae a ci
`   he ex i agai each c e dig h 
` achig ha eaig ye . A exa e igh
`be a ex i ha ia c de  a achie  ake
`a i a diib ed deia f evice aack. Fi
`geiig ca ca a  eiay e   ivia
`a  f ew k e ce ic dig badwidh
`ad  ceig i e by i i  deeci  ye 
`ad  e.
`
`Figeiig  vide (cid:12)e gaied dee iai 
` f a eaig ye .
`F  exa e  a
`ha k wedge f 21 di(cid:11)ee vei  f i x.
`he eh d f dee iig a eaig y
`e ae geeay c ae gaied beca e hey e
`aicai  eve eh d. A exa e i he ba
`e eage a e eceive whe he  he e e
`e  c ec  a achie. ay ye  feey
`adveie hei eaig ye i hi way. Thi
`ae d e   dea wih b ckig aicai  eve
`(cid:12)geiig beca e i  be dea wih  a
`aicai  by aicai  bai.
`
`A  evey ye c eced  he ee i
`v eabe  (cid:12)geiig. The aj  eaig
`ye  ae   he y TC/  ack idei(cid:12)ed
`by (cid:12)geiig  . R e wiche h b
`
`IA1024
`
`Page 2 of 12
`
`

`

`bidge e bedded ye  ie (cid:12)ewa web
`ca ea ad eve ga e c  e ae idei(cid:12)abe.
`ay f hee ye  ike  e ae i  a
`a f he ee ifa c e ad c  i
`ig ifa c e i a e ei   be ha
`c  iig ed h . Theef e a geea ech
`ai   ec ay ye i eeded.
`
`S e e e ay c ide ack (cid:12)geiig a
` iace ahe ha a ec iy aack. A wih
`    (cid:12)geiig ha b h g d ad bad
` e. ew k ad iia  h d be abe  (cid:12)
`gei achie de hei c   (cid:12)d k w
`v eabiiie. Sack (cid:12)geiig i   ece
`aiy iega  a idicai  f aici  behav
`i  b  we beieve he  be f ca wi g w
`i fe ecy a e e e acce he ee ad
`dic ve eay  e    ch a  a. A  ch
`ew k ad iia  ay   be wiig  ed
`i e  ey ackig d w wha hey c ide
`ey ab e each i e hey cc .
` ead hey
` ay ch e  eeve hei e ce f  f b w
`i i . A  hee ay be ew k ha  i
`ge a h iy ha ad iiaive c  ve  ch
`a a iveiy eidece ha. A  ha deec
`(cid:12)geiig ca b    he away w d a
` w ad iia   ack ae  whie keeig
`he f eeaig i ca ew k.
`
`Thi ae ee he deig ad i e eai 
` f a   defea TC/  ack (cid:12)geiig. We
`ca hi ew  a (cid:12)gei c bbe. The (cid:12)ge
`i c bbe i aaey ie ed bewee
`he ee ad he ew k de  eci . The
`ieded e f he c bbe i f  i  be aced
`i f  f a e f ed h   a e f ew k
`ifa c e c  e. The g a f he  i
` b ck he aj iy f ack (cid:12)geiig ech
`i e i a geea fa caabe ad aae
` ae.
`
`We decibe a exei ea eva ai  f he 
`ad h w ha  i e eai  b ck k w (cid:12)
`gei ca ae  ad i eaed  b ck f
` e ca. We a h w ha  (cid:12)gei c b
`be ca ach he ef  ace f a ai  f 
`wadig gaeway  he a e hadwae ad i a
` de f agi de e caabe ha a a 
`eve (cid:12)ewa.
`
`The e aiig eci  ae gaized a f w. We
`decibe TC/  ack (cid:12)geiig i e deai
`i Seci  2.
`  Seci  3 we decibe he deig
`ad i e eai  f  (cid:12)gei c bbe. 
`
`Seci  4 we eva ae he vaidiy ad ef  ace
` f he c bbe.  Seci  5 we c ve eaed w k
`ad i Seci  6 we c ve f  e dieci . Fiay
`i Seci  7 we  aize  w k.
`
`2 TC/  Sack Figeiig
`
`The  c ee ad widey ed TC/  (cid:12)
`geiig   day i  a.  e a daabae
` f ve 450 (cid:12)gei  ach TC/  ack 
`a eci(cid:12)c eaig ye  hadwae af  .
`Thi daabae ic de c ecia eaig y
`e   e wiche (cid:12)ewa ad ay he
`ye . Ay ye ha eak TC/  i  e
`iay i he daabae which i daed fe ey.
` a i fee  d w ad ad i eay  e. F 
`hee ea  we ae g ig  eic  ak f
`exiig (cid:12)geiig     a.
`
` a (cid:12)gei a ye i hee e. Fi i
`ef   a   ca  (cid:12)d a e f e ad c ed
`TC ad UD  . Sec d i geeae eciay
`f  ed acke ed he  he e e h  ad
`ie f  e e. Thid i e he e  f
`he e  (cid:12)d a achig ey i i daabae f
`(cid:12)gei.
`
` a e a e f ie e  ake i ch ice f 
`eaig ye . A e c i f e  e ack
`e ad he e e eceived. Eigh f  a  e
`ae ageed a he TC aye ad e i ageed a
`he UD aye. The TC e ae he  i  
`a beca e TC ha a  f i  ad vaiabi
`iy i i e eai .  a k a he de f
`TC i  he ae f iiia e ece 
`be  eve (cid:13)ag  ch a he d   fag e bi
`he TC (cid:13)ag  ch a RST he adveied wid w
`ize ad a few e hig. F  e deai i
`c dig he eci(cid:12)c i  e i he e acke
`efe  he h e age f   a [3].
`
`Fig e 1 i a exa e f he   f  a
`whe caig  EECS dea e  web eve
`www.eec. ich.ed  ad e f  dea e 
`ie. The TC e ece edici  e  c e
`f  a  dee iai  f h w a h  ice e
`i iiia e ece  be f  each TC c ec
`i . ay c ecia eaig ye  e a a
`d   iive ice e b  i e ye  ed
` e (cid:12)xed ice e  ice e baed  he
`i e bewee c eci  ae .
`
`IA1024
`
`Page 3 of 12
`
`

`

`a
`
`TC Se ece edici :
`Ca= y ad
`Diffic y=9999999 G d ck!
`Re e eaig ye g e:
`i x 2.0.35 37
`
`b
`
`TC Se ece edici :
`Ca=ivia i e deedecy
`Diffic y=1 Tivia j ke
`Re e eaig ye g e:
`Xe x D c i 40
`
`Fig e 1:    f a  a ca agai a a web
`eve  ig i x ad b a haed ie.
`
`Whie  a c ai a  f f ci aiy ad d e
`a g d j b f ef  ig (cid:12)e gaied (cid:12)gei
`ig i d e   i e e a f he echi e ha
`c d be ed. Vai  i ig eaed ca c d
`be ef  ed. F  exa e dee iig whehe
`a h  i e e TC Tah e  TC Re by
`i iaig acke  ad wachig ec vey behav
`i . We dic  hi hea ad  eia 
`i  i Seci  3.2.4. A  a eie e 
`c d a e eh d  ch a  cia egieeig
`  aicai  eve echi e  dee ie a h  
` eaig ye . S ch echi e ae ide he
`c e f hi w k. weve hee wi i be a
`eed  b ck TC/  (cid:12)geiig ca eve if
`a aicai  eve (cid:12)geiig  i deve ed.
`C ey TC/  (cid:12)geiig i he fae ad
`eaie eh d f  ideifyig e e h  ea
`ig ye  ad i d cig echi e ha age
`aicai  wi   ake i b ee.
`
`3.1 G a ad eded Ue f Fige
`i Sc bbe
`
`The g a f he (cid:12)gei c bbe i  b ck
`k w ack (cid:12)geiig echi e i a geea
`fa caabe ad aae ae. The 
`h d be geea e gh  b ck cae f ca
`  j  eci(cid:12)c ca by k w (cid:12)geiig  .
`The c bbe    i d ce ch aecy ad
`  be abe  hade ay c c e TC c 
`eci . A  he (cid:12)gei c bbe   
`ca e ay  iceabe ef  ace  behavi a dif
`feece i ed h . F  exa e i i deiabe 
`have a ii a e(cid:11)ec  TC  c gei  c 
` echai  by   deayig  d ig acke 
`eceaiy.
`
`We ied f  he (cid:12)gei c bbe  be aced
`i f  f a e f ye  wih y e c ec
`i   a age ew k. We exec ha a (cid:12)ge
`i c bbe w d be  a iaey i e
` eed i a gaeway achie f a A f he
`e gee  ye  i.e. Wid w S ai acS
`ie wiche  a age c  ae  ca  
`ew k. A gica ace f   ch a ye w d be
`a a f a exiig (cid:12)ewa. A he e w d be
`   a c bbe i f  f he c  c eci 
` f  e. The ew k de  eci   be
`eiced  havig e c eci   he ide
`w d beca e a acke aveig  ad f a
`h   ave h gh he c bbe.
`
`Beca e he c bbe a(cid:11)ec y aÆc vig
`h gh i a ad iia   he  ed ide f
`he ew k wi i be abe  ca he ew k.
`Aeaivey a  acce i   e he a
`heicai  echai c d be added  he (cid:12)
`gei c bbe  a w a h ized h   by
`a c bbig.
`
`3 Figei Sc bbe
`
`3.2 Figei Sc bbe Deig ad
` e eai 
`
`We deve ed a  caed a (cid:12)gei c bbe 
`e ve a big iie f TC/  aÆc ha give
`c e  a h   eaig ye .  hi eci  we
`dic  he g a ad ieded e f he c bbe
`ad i deig ad i e eai . We de ae
`he vaidiy f he c bbe i he face f k w
`(cid:12)geiig ca ad give ef  ace e  i
`he ex eci .
`
`We deiged he (cid:12)gei c bbe  be aced
`bewee a  ed ew k f hee gee  ye 
`ad a  ed c eci  i.e. he ee. The
`c bbe ha w ieface; e ieface i de
`igaed a  ed ad he he i deigaed a
`  ed. A acke c ig f he  ed i
`eface i f waded  he  ed ieface ad
`vice vea. The baic deig icie i ha daa
`
`IA1024
`
`Page 4 of 12
`
`

`

`isg_tcpin
`
`isg_forward
`
`isg_output
`
`isg_input
`
`ip_input
`
`ip_forward
`
`ip_output
`
`ipintr
`
`ether_input
`
`ether_output
`
`Fig e 2: Daa (cid:13) w h gh di(cid:12)ed FeeBSD ke
`e.
`
`c ig i f he  ed ieface i haded
`di(cid:11)eey ha daa aveig   he  ed
`ieface.
`
`The (cid:12)gei c bbe eae a he  ad
`TC aye  c ve a wide age f k w ad 
`eia (cid:12)geiig ca. We c d have i y
`i e eed a few f he echi e dic ed i
`he f wig eci   defea  a. weve he
`g a f hi w k i  ay ahead f h e deve
` ig (cid:12)geiig  . By akig he c bbe
` eae a a geeic eve f  b h  ad TC we
`fee we have aied he ba  Æciey high.
`
`The (cid:12)gei c bbe i baed (cid:11) he   c
`c bbe by aa e a. [7]. The   c c b
`be eae a he  ad TC aye f he 
` c ack.
`  i a e f kee di(cid:12)cai  
`a w fa TC (cid:13) w eae by  av id TC ie
`i  ad deei  aack a decibed by acek ad
`ewha [13]. The   c c bbe f w TC
`ae aii  by aiaiig a  a a  f
`ae f  each c eci  b  i eave he b k f
`he TC  ceig ad ae aieace  he
`ed h . Thi a w a ade (cid:11) bewee he e
`f  ace f a aee  i  wih he c  f
`a f a  aye  xy. The   c c bbe
`i i e eed de FeeBSD ad we c i ed
` de FeeBSD 2.2.8 f   deve  e.
`
`Fig e 2 h w he daa (cid:13) w h gh he kee f 
`he (cid:12)gei c bbe. acke c e i f ei
`he he  ed   ed ieface h gh a
`Ehee dive.
` c ig  acke ae haded
` i i  h gh a  fwae ie  j  a
`w d be d e   ay. A (cid:12)e i i i  de
`e ie if he acke h d be f waded  he
`TC c bbig c de.
` f   he i f w he
`
` f i
`  a  f wadig ah  i  .
`i he ig i   SG ad f  ee Sc b
`big Gaeway ef    fag e eae by
`if eceay ad ae he acke  ig ci.
` ide ig ci he c bbe kee ack f he
`TC c eci   ae. The acke i aed 
`ig f wad  ef  TC eve  ceig. Fi
`ay ig   di(cid:12)e he ex h  ik eve
`adde ad ig    i   had he
`acke aigh  he c ec device dive ieface
`f  he  ed   ed ik.
`
`We  a ake  e ha di(cid:11)eece i he ack
`e e by he  ed h   he  ed h 
`d   evea c e. Thee check ad di(cid:12)cai 
`ae d e i ig f wad f  TC di(cid:12)cai 
`ig   f   di(cid:12)cai   TC eg e
`ad i   f   di(cid:12)cai     TC
`acke.
`
`3.2.1  c bbig
`
`  eve a big iie aie aiy i  heade (cid:13)ag
`ad fag e eae by ag ih .  difyig
`(cid:13)ag e ie  ae b  e ie adj  e f he
`heade check . Reae by h weve e ie
`fag e  be  ed a he c bbe. ce a
`c eed  daaga i f  ed i ay eed 
`be e fag eed  he way  he ieface.
`
`The (cid:12)gei c bbe e he c de i Fig e 3
`   aize  ye f evice ad fag e bi i
`he heade. Thi cc  f  a C G UD
`TC ad he acke f    c  b i    f
` . Uc  ad geeay  ed c biai 
` f TS bi ae e ved.  he cae ha hee bi
`eed  be ed i.e. a exei ea di(cid:12)cai 
`  hi f ci aiy c d be e ved.  
`TC/  i e eai  we have eed ig e he
`eeved fag e bi ad ee i  0 if i i e b 
`we waed  be afe  we ak i  exiciy.
`The d   fag e bi i ee if he TU f he
`ex ik i age e gh f  he acke. Thi check
`i   h w i he (cid:12)g e.
`
` difyig he d   fag e bi c d beak TU
`dic vey h gh he c bbe. e c d ag e
`ha he ea  y w d   he (cid:12)gei c b
`be i ace i  hide if  ai  ab  he ye 
`behid i. Thi igh ic de   gy ad bad
`widh if  ai . weve  ch a di(cid:12)cai  i
`c  veia. We eave he decii   whehe 
`
`IA1024
`
`Page 5 of 12
`
`

`

`egh f 576 bye ae a wed. weve  a
`ake advaage f he fac ha ceai eaig
`ye   e di(cid:11)ee a  f daa. T c e
`hi we f ce a C e  eage c ig f
`he  ed ide  have daa ay ad f y 8
`bye by  caig age daa ay ad. Aea
`ivey we c d k iide f C e  eage
` dee ie if   eig i beig ed.
` f  
`he we w d a w e ha 8 bye.
`
`3.2.3 TC c bbig
`
`The TC   c c bbe we baed he (cid:12)gei
`c bbe  c ve TC ea  i a big
`  (cid:13) w by keeig a  a a  f ae e
`c eci . The   c c bbe kee ack f
`TC c eci  ig a i i(cid:12)ed TC ae dia
`ga . Baicay i kee ack f e c eci 
`by f wig he adad TC hee way had
`hake 3WS. Thi a w he (cid:12)gei c bbe
` b ck TC ca ha d   begi wih a 3WS.
`  fac he (cid:12) e i (cid:12)geiig a ye i
`yicay    a   ca  dee ie e ad
`c ed  . Seahy eaig diÆc   deec
`echi e f    caig d   ef  a 3WS
`ad ae heef e b cked. y ca ha c i
` a 3WS wi ge h gh.
`
`A age a  f if  ai  ca be geaed f
`TC i . We did   wa  dia w ce
`ai i  beca e  e f he aid i he e
`f  ace f TC i.e. SAC  ye ae   widey
`de yed. Theef e we eiced  di(cid:12)cai 
` e deig he i  wihi he TC heade.
`We i y  vide a ca ica deig f he TC
` i  k w  . Uk w i  ae ic ded
`afe a k w i . The hadig f k w
` i  ad deig ca be c (cid:12)g ed by he ed
` e.
`
`We a defea ae  a edicig TC e ece
` be by difyig he   a e ece  be
` f ew TC c eci . The (cid:12)gei c bbe
` e a ad  be whe a ew c eci  i
`iiiaed. Each TC eg e f  he c eci 
`aveig f he  ed ieface  he  ed
`ieface ha i e ece  be ice eed by
`hi va e. Each eg e f  he c eci  ave
`ig i he  ie dieci  ha i ack wedg e
` be dece eed by hi va e.
`
`/
`   aize  ye f evice fag
`/
`wich i >i_ 
`{
`
`cae TS_WDEAY:
`cae TS_TRUGUT:
`cae TS_RE AB  TY:
`cae TS_ CST:
`cae TS_WDEAY| TS_TRUGUT:
`beak;
`defa :
`i >i_  = 0;
`
` 
`
`} /
`
`ak  eeved fag e fag.
` The TU f he ex d wea ik
` i age e gh f  he acke 
` cea he d   fag e fag.
`/
`i >i_ ff = ~ _RF| _DF;
`
`Fig e 3: C de fag e    aize  heade
`(cid:13)ag.
`
`   cea he d   fag e bi   he ed
` e by a wig he i   be  ed (cid:11).
`
`The fag e eae by c de i a ighy di
`(cid:12)ed vei  f he adad i e eai  i he
`FeeBSD 2.2.8 kee.  kee fag e  a e
` f d by iked i.  (cid:12) cac ae a hah 
`dee ie which i he fag e a  . A i
`ea each i d e ve hi i  (cid:12)d he  daa
`ga he fag e g e wih ad i ace wihi
`he daaga . d daa i he fag e  e e i
`away ch e ve ew daa.
`
`3.2.2 C c bbig
`
`  hi eci  we decibe he di(cid:12)cai  he (cid:12)
`gei c bbe ake  C eage. We
` y dify C eage e ig f he
` ed ide back  he  ed ide beca e (cid:12)
`geiig eie  C e e ad   e
` e. Seci(cid:12)cay we dify C e  e
`age ad ae i i a g ig C eage.
`
` C e  eage ae ea  ic de a ea
`he  heade   8 bye f daa f he acke
`ha ca ed he e . Acc dig  RFC 1812 [1] a
` ay bye a  ibe   a  a C acke
`
`IA1024
`
`Page 6 of 12
`
`

`

`ICMP Request
`ICMP Reply
`
`
`
`00
`
`
`
`200200
`
`
`
`400400
`
`
`
`600600
`
`
`
`800800
`
`
`
`10001000
`
`
`
`ICMP message arrival time (ms)ICMP message arrival time (ms)
`
`Fig e 4: C ae i iig f e ig C
`ech eie ca ed ig cd .
`
`3.2.4 Ti ig aack
`
`The (cid:12)geiig ca we have deiged he (cid:12)
`gei c bbe  b ck    w have a bee
`aic  ey e e ye  be. A h  caef y
`f    eie ed he  a h  ad aayze
`he e e  ack f e e. A he  ibe
`f  f ca i e ha eie  i ig e e.
`F  exa e he caig h  c d e a TC
`c eci  i ae a acke  ad wach he
`ec vey behavi  f he he h .
`
`  w d be vey diÆc   ceae a geeic eh d
`f  defeaig i ig eaed ca eeciay 
`k w ca. e a ach w d be  add a
` a ad a  f deay  acke g ig
`  he  ed ieface. The c bbe c d
`eve f wad acke  f de. weve hi
`a ach w d i d ce a iceaed a  f
` e ig deay ad  baby degade ef  ace.
`  addii  hee ea e ae   g aaeed 
`b ck ca. F  exa e eve wih  a a 
` f ad deay i w d be eaivey eay  dee
` ie if a TC ack i e e TC Tah e  TC
`Re baed  i aed e beca e a acke e
`a ied afe a RT ha a ch age deay
`ha e ea ied beca e f fa ea i.
`
`We i e eed  eci  agai e  ibe
`i ig eaed ca. S e eaig ye  i e
` e C ae i iig b  hey d  a di(cid:11)e
`e ae ad  e d   d ay ae i iig. We
`added a aa ee f  C ae i iig  he (cid:12)
`gei c bbe  defea  ch a ca. The c b
`be ec d a i ea  whe a C eage
`ave f he  ed ieface  he  ed
`ieface. The i ea  ae ke i a  a hah
`abe efeeced by he c biai  f he  ce
`ad deiai   addee. Bef e a C e
`age i f waded  he g ig  ed ie
`
`face i i checked agai he cached i ea .
`The acke i d ed if a ceai a  f i e
`ha   aed ice he evi  C eage
`wa e  ha deiai  f he  ce eci
`(cid:12)ed i he cache.
`
`Fig e 4 h w he (cid:12)gei c bbe ae i iig
` C ech e e ad eie.  hi iace
`a  ed h  i edig C ech e e
` ce evey 20 iiec d ig he f (cid:13)ag wih
`ig (cid:13) dig. The c bbe a w he e e
`h gh  di(cid:12)ed ice we ae   yig  hide
`he ideiy f he  ed h  f he  ed
`h . A he C ech eie c e back h weve
`he (cid:12)gei c bbe ake  e ha y h e
`eie ha c e a ea 50  aa ae f waded.
`Sice he e e ae c ig 20  aa f  evey
`hee e e e ey wi ake i h gh he
`c bbe. Theef e he  ed h  eceive a
`ey ce evey 60 .
`
`We ch e 50  f  c veiece beca e ig f
`geeae a ea f C ech e e 20 
`aa ad we waed he ae i iig  be 
`iceabe. The exac va e f  a  d ci  ye
`w d have  be dee ied by a ad iia  
`baed   evi  C (cid:13) d aack heh d.
`The g a wa  h geize he ae f C aÆc
`aveig f he  ed ieface  he  ed
`ieface beca e eaig ye  ae i i hei
` C eage a di(cid:11)ee ae. A he eh d
`f  c f ig a (cid:12)geie w d be  add  a
`ad deay  each C eage. S ch a a
` ach w d e ie keeig e ae. We ca add
`deay  C eie a  ed  TC eg e
`beca e hey w   a(cid:11)ec ew k ef  ace.
`
`4 Eva ai  f Figei Sc bbe
`
`Thi eci  ee e  f a e f exe
`i e we ef  ed  dee ie he vaidiy
`h gh  ad caabiiy f he (cid:12)gei c b
`be. They h w ha  c e i e eai 
`b ck k w (cid:12)gei ca ae  ad ca
` ach he ef  ace f a ai  f wadig
`gaeway  he a e hadwae. The exei e
`wee c d ced ig a e f kee wih di(cid:11)ee
`(cid:12)gei c bbig i  eabed f  c ai
` .
`
`The c bbe ad ed h  each had 500 z e
`
`IA1024
`
`Page 7 of 12
`
`

`

`10.0.0/24
`
`Fingerprint
`Scrubber
`
`Trusted Servers
`
`a
`
`Untrusted Clients
`
`10.1.0/24
`
`Fig e 5: Exei ea e  f  ea ig he e
`f  ace f he (cid:12)gei c bbe.
`
`i CU ad 256 egabye f ai e
` y. The ed h  each had e 3C 3c905B
`Fa Eheik X 10/100BaeTX Ehee cad x
`device dive. The gaeway had w e Ehe
`Exe  10/100B Ehee cad fx device
`dive. The ew k wa c (cid:12)g ed  have a
`aÆc f 10.0.0/24 g  10.1.0/24 h gh he
`gaeway achie. Fig e 5 h w h w he hee
` achie wee c eced a we a he  ed ad
`  ed d ai.
`
`4.1 Defeaig (cid:12)gei ca
`
`T veify ha  (cid:12)gei c bbe did ideed
`defea k w ca ae  we ie ed  gae
`way bewee a e f achie  ig di(cid:11)ee
` eaig ye . The eaig ye  we a
`ca agai de c  ed c dii  i  ab
`wee FeeBSD 2.2.8 S ai 2.7 x86 Wid w T
`4.0 S 3 ad i x 2.2.12. We a a ca
`agai a  be f   a web ie ad ca  
`w kai  eve ad ie.
`
` a wa c iey abe  dee ie a f
`he h  eaig ye  wih  he (cid:12)gei
`c bbe ie ed. weve i wa c eey
` abe  ake eve a c e g e wih he (cid:12)ge
`i c bbe ie ed.  fac i wa  abe 
`diig ih ch ab  he h  a a. F  exa
`e wih  he c bbe  a wa abe  acc
`aey ideify a FeeBSD 2.2.8 ye i  ab.
`Wih he c bbe  a g eed 14 di(cid:11)ee e
`aig ye  f hee ved . Each g e wa
`w g. Fig e 6 h w a c deed e  f he
`g ee  a ade agai FeeBSD bef e ad af
`e ie ig he c bbe.
`
`The w ai c  e ha aid i b ckig  a
`ae he ef ce e f a hee way hadhake f 
`TC ad he e deig f TC i . ay f
` a  ca w k by edig  be wih  he
`
`Re e eaig ye g e:
`FeeBSD 2.2.1 3.2
`
`b
`
`Re e S g ee:
`A X 4.0 4.1 A X 4.02.0001.0000
`A X 4.1 A X 4.1.5.0 A X 4.2
`A X 4.3.2.0  a B RS/
`Ra  Fiewa 6  S ai 2.6
`S ai 2.5 2.5.1 S ai 2.6 2.7
`S ai 2.6 2.7 X86
`S ai 2.6 2.7 wih c_ g_i=0
`S ai 2.6 2.7 wih c_ g_i=2
`S  S ai 8 eay acce bea 5.8
`Bea_Refeh Feb ay 2000
`
`Fig e 6: a eaig ye g e bef e (cid:12)
`gei c bbig ad b afe (cid:12)gei c b
`big f  a  a ca agai a achie  ig
`FeeBSD 2.2.8.
`
`SY (cid:13)ag e  hey ae dicaded igh away. Si
`iay eaig ye  vay geay i he de
`ha hey e  TC i . Theef e  a  f
`fe f a age  i avaiabe if  ai .
`
`We ied hi   be geea e gh  b ck
` eia  ew ca a . We beieve ha he i
`c i  f  heade (cid:13)ag   aizai  ad  fag
` e eae by aid i ha g a eve h gh we
`d   k w f ay exiig  ha ex i  ch
`di(cid:11)eece.
`
`4.2 Th gh 
`
`We c d ced a exei e  e he aw
`h gh   ibe h gh he (cid:12)gei c b
`be. The h gh  wa ea ed ig he
`eef bech ak [11]. The hee e achie
`wee c eced ig a 100 b wich.
`
`We ea ed b h he h gh  f he  ed
`ide   he  ed ide ad f he 
` ed ide i he  ed ide. Thi wa  ake
`i acc   ay eic (cid:12)eig f he af
`(cid:12)c. We a exei e f  TC aÆc  h w
`he a(cid:11)ec f a b k TC afe ad f  UD 
`execie he fag e eae by c de. We ed
`hee kee  he gaeway achie  e di(cid:11)e
`e f ci aiy f he (cid:12)gei c bbe. The
`  f wadig kee i he  di(cid:12)ed FeeBSD
`
`IA1024
`
`Page 8 of 12
`
`

`

`IP forwarding
`Fingerprint scrubbing
`Fingerprint scrubbing w/ IP fragment reassembly
`Plug−gw proxy
`
`10
`
`20
`
`30
`
`40
`
`50
`
`60
`
`Number of clients
`
`3000
`
`2500
`
`2000
`
`1500
`
`1000
`
`500
`
`Requests serviced per second
`
`0
`
`0
`
`Fig e 7: C eci  e ec d h gh he gae
`way.
`
`Tabe 1 h w he TC b k afe e  f  a
`  ed h  c ecig  a  ed h . Tabe 2
`h w he e  f  a  ed h  c ecig  a
`  ed h . The (cid:12) e  i ha b h diec
`i  h w he a e h gh . The ec d ad
` e i  a e  i ha eve whe a f he
`(cid:12)gei c bbe  f ci aiy i eabed we ae
`eeig a h gh  a  exacy ha f he ai
`  f wadig. The badwidh f he ik i bvi
` y he ciica fac  f  a f he h gh 
`exei e heef e we w d ike    hee
`exei e agai  a fae ew k i he f  e.
`
`We a he UD exei e wih he  f wadig
`kee ad he (cid:12)gei c bbig kee wih 
`fag e eae by. Agai we ea ed b h he
`  ed   ed dieci  ad vice vea. T
` ea e he a(cid:11)ec f fag eai  we a he e
`a vayig ize   he TU f he Ehee ik
`ad ab ve.  e ha 1472 bye i he axi
`UD daa ay ad ha ca be a ied ice he
`UD    heade add a addii a 28 bye 
`ge   he 1500 bye TU f he ik. The 2048
`bye e c e d  w fag e ad he 8192
`bye e c e d  (cid:12)ve fag e.
`
`Tabe 3 h w he UD afe e  f  a 
` ed h  c ecig  a  ed h . Tabe 4
`h w he e  f  a  ed h  c ecig 
`a  ed h . ce agai b h dieci  h w
`he a e h gh . We a ee ha he h gh
`  f he (cid:12)gei c bbe wih  fag e e
`ae by i a  exacy ha f he ai  f 
`wadig. Thi i eve  e i he cae f he 8192
`bye e whee he fag e  be eae bed
`
`  F wadig
`Figei Sc bbig
`Figei Sc b.  Fag. Rea.
`Aicai  eve Ta   xy
`
`87.06
`86.86
`87.00
`86.53
`
`Tabe 1: Th gh  f  a ige  ed h   a
` ed h  ig TC b 2.5 a 99 C .
`
`  F wadig
`Figei Sc bbig
`Figei Sc b.  Fag. Rea.
`Aicai  eve Ta   xy
`
`87.06
`86.79
`86.84
`86.53
`
`Tabe 2: Th gh  f  a ige  ed h   a
`  ed h  ig TC b 2.5 a 99
`C .
`
`kee which we e a  baeie f  c ai
` . The (cid:12)gei c bbig kee ic de he
`TC i  e deig  heade (cid:13)ag   aiza
`i  C di(cid:12)cai  ad TC e ece 
`be di(cid:12)cai  b     fag e eae by.
`The a kee i he f (cid:12)gei c bbe wih
`fag e eae by c de  ed .
`
`We a c aed he (cid:12)ge

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket