Day 3 at What The Hack

Posted by Jonathan

The third day is not over yet but for me the interesting presentations are over.

Today I was at the talk about the OpenWrt project by Waldemar Brodkorb and Felix Fietkau. OpenWrt is a Linux distribution for wireless LAN routers, such as the Linksys WRT54G and Asus WL500g. The talk gave an overview of the project and the upcoming development work.

The next talk on my list was BGP in practice, an introduction to BGP by Sabri Berisha. Some very useful hints were presented and Sabri also pointed out http://www.virt-ix.net/, the virtual internet exchange. This IX is a sort of training platform for internet backbone engineers who use the Border Gateway Protocol on their routers. If you join, you will receive a /29 delegation out of 195.149.88.0/24, 193.17.225.0/24 or 194.126.235.0/24, which are real live netblocks assigned by RIPE for this project.

A nice way to play with BGP if you do not have a big network at hand.

Then I went to a presentation about a vulnerability in the TCP/IP stack of many operating systems:

After an established connection, a specially crafted packet with the ACK/FIN flags set, a correct Sequence Number but an incorrect Acknowledgement Number will trigger a massive flush of packets with zero size and only the ACK flag set. Ethereal logs showed that the keep-alive state was occurring and this flow kept going for approximately 3 minutes and a few million packets. It was clearly observed that CPU and network performance were severely decreased due to this misbehaviour. Potential attacks include DoS and DDoS. Applications and services that depend on quality of service (QoS), such as H.323 applications (VoIP) and video streaming, will suffer a dramatic performance downgrade.

The presenters could not say whether the problem lies in the implementation of the RFC or in the standard itself. The only OS they tested that is not affected is, of course, OpenBSD.
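As an added defender-side example (my own code, not from the talk or its slides): a small detector that flags a connection degenerating into the zero-length, ACK-only ping-pong described above, run over a constructed packet summary of the kind a capture tool produces. The `Segment` fields, the 1-second window and the threshold of 50 are assumptions chosen for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Minimal view of a TCP segment as a capture tool would summarise it.
# Constructed for this example; not taken from the talk's Ethereal logs.
@dataclass(frozen=True)
class Segment:
    ts: float        # capture timestamp in seconds
    src: str         # "ip:port"
    dst: str         # "ip:port"
    flags: str       # e.g. "A", "FA", "PA"
    payload_len: int

def is_bare_ack(seg: Segment) -> bool:
    """Zero-length segment carrying only the ACK flag: the symptom from the talk."""
    return seg.payload_len == 0 and seg.flags == "A"

def find_ack_storms(segments, window=1.0, threshold=50):
    """Return {flow: peak} for flows whose bare-ACK count within any
    `window`-second span exceeds `threshold`. Flow keys ignore direction,
    so both ends of the ping-pong count toward the same key."""
    by_flow = defaultdict(list)
    for seg in segments:
        if is_bare_ack(seg):
            key = tuple(sorted((seg.src, seg.dst)))
            by_flow[key].append(seg.ts)
    storms = {}
    for key, stamps in by_flow.items():
        stamps.sort()
        start, peak = 0, 0
        for end in range(len(stamps)):            # sliding window over timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            storms[key] = peak
    return storms

def sample_capture():
    """Constructed capture: one healthy request/response exchange plus one
    flow that collapses into an ACK ping-pong after a FIN/ACK."""
    a, b = "10.0.0.5:40000", "10.0.0.9:80"
    c, d = "10.0.0.7:40001", "10.0.0.9:80"
    segs = [Segment(0.00, a, b, "PA", 120), Segment(0.01, b, a, "A", 0),
            Segment(0.02, b, a, "PA", 900), Segment(0.03, a, b, "A", 0)]
    segs.append(Segment(1.00, c, d, "FA", 0))
    for i in range(400):                          # 400 bare ACKs within 0.4 s
        src, dst = (c, d) if i % 2 == 0 else (d, c)
        segs.append(Segment(1.0 + i * 0.001, src, dst, "A", 0))
    return segs
```

In practice the threshold should sit well above the bare-ACK rate of normal bulk transfers on the monitored link, since every received data segment legitimately produces one.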

The last presentation was by Ruediger Weis. Hashing the Longhorn was about Trusted Computing, Longhorn, and in particular the SHA-1 hash. From the abstract:

Microsoft (Longhorn) and the Trusted Computing Group are working on the biggest change of the information landscape in decades. One of the main problems with these plans is that the computer owner is seen as an adversary. To make DRM ‘successful’, users should no longer have full control over their own computers. Because of this, cryptographic flaws in the TCG/Longhorn design have to be considered exceptionally harmful. Even though cryptographers have warned for many years, the TCG/Longhorn specifications are using SHA-1 as the standard hash function. Recent cryptographic results have additionally shown a remarkable number of new serious security problems and practical attacks. As examples, we present new attacks on the digital signatures and the boot check values which are used in Longhorn/TCG that can fundamentally compromise ‘trusted’ systems. We warn Microsoft and the TCG not to establish a security infrastructure based on a broken hash algorithm.

Very interesting, but a little hard to follow acoustically. The conclusion was that the SHA family is broken and that PKI systems relying on MD5 or SHA-1 are in (near) danger from large organizations and governments.

Apart from the interesting stuff we had to cope with the rain again. My sleeping bag and half of my clothes are wet.

Now we will probably go to the BSD village and check out the Humppa and pray for a dry night with no rain.
