On Wed, Aug 22, 2001 at 05:10:16PM -0700, Bruce A. Mah wrote:
> > Several people on other mailing lists have pointed out that Nagle
> > should make this much harder, although it's unclear how Nagle and
> > ssh interact.  So far that has resulted in a number of degenerating
> > discussions of how things work.  Of course, Nagle will not help
> > between two machines on the same ethernet segment, but probably
> > would make the process described in the paper much harder.
> 
> Indeed.  They also didn't discuss (or I didn't see it) the effects of 
> queueing or jitter in the network on their scheme.

I just had a thought.  It appears from the discussion that SSH encrypts
things (internal to ssh) in whatever unit is handed to the encryption
routine; that is, something like:

for(;;) {
   read(stdin, buffer);
   encrypt(buffer);
   write(network, buffer);
}

So, if read returns a single character, it encrypts a single character
and sends it.  This results in the 20 byte packets in the article.  Now,
20 bytes is small enough that Nagle might combine two of them into a
single 40 byte packet or similar, making this harder.  That said, it would
be much harder if something similar to Nagle was done in ssh:

for (;;) {
   timer = gettime();
   while ((len(buffer) < 20) && ((gettime() - timer) < 20ms)) {
      read(stdin, buffer);
   }
   encrypt(buffer);
   write(network, buffer);
}

This should allow two or three characters to go into a single block (which
would probably still be 20 bytes) and completely throw off the method they
were using.

-- 
Leo Bicknell - [EMAIL PROTECTED]
Systems Engineer - Internetworking Engineer - CCIE 3440
Read TMBG List - [EMAIL PROTECTED], www.tmbg.org
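
A runnable C version of the coalescing loop proposed in the message above, added here as an example; it is not part of the original post and not code from ssh. The names `read_batch` and `first_batch_size` and the pipe-fed input are hypothetical, and unlike the pseudocode the timer starts at the first byte so that an idle session sends nothing.

```c
#define _POSIX_C_SOURCE 200809L
#include <poll.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

static long ms_since(const struct timespec *t0) {
    struct timespec t;
    clock_gettime(CLOCK_MONOTONIC, &t);
    return (t.tv_sec - t0->tv_sec) * 1000L + (t.tv_nsec - t0->tv_nsec) / 1000000L;
}

/* Block for the first byte, then collect until max bytes or window_ms elapse.
 * Returns the number of bytes to encrypt as one unit, 0 on EOF, -1 on error. */
ssize_t read_batch(int fd, unsigned char *buf, size_t max, long window_ms) {
    struct timespec t0;
    ssize_t n = read(fd, buf, max);          /* wait for the first keystroke */
    if (n <= 0) return n;
    size_t len = (size_t)n;
    clock_gettime(CLOCK_MONOTONIC, &t0);
    while (len < max) {
        long left = window_ms - ms_since(&t0);
        struct pollfd p = { .fd = fd, .events = POLLIN };
        if (left <= 0 || poll(&p, 1, (int)left) <= 0) break;  /* window over */
        n = read(fd, buf + len, max - len);
        if (n <= 0) break;                   /* EOF or error: flush what we have */
        len += (size_t)n;
    }
    return (ssize_t)len;
}

/* Constructed input: a child process "types" three bytes, gap_ms apart, into
 * a pipe. Returns the size of the first batch the reader would encrypt. */
int first_batch_size(long gap_ms, long window_ms) {
    int fds[2];
    unsigned char buf[20];                   /* 20-byte unit, as in the post */
    pid_t pid = (pipe(fds) == 0) ? fork() : -1;
    if (pid < 0) return -1;
    if (pid == 0) {                          /* child: the simulated typist */
        struct timespec gap = { gap_ms / 1000, (gap_ms % 1000) * 1000000L };
        close(fds[0]);
        for (const char *c = "ls\n"; *c && write(fds[1], c, 1) == 1; c++)
            nanosleep(&gap, NULL);
        _exit(0);
    }
    close(fds[1]);
    int got = (int)read_batch(fds[0], buf, sizeof buf, window_ms);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return got;
}
```

Bytes merge into one unit only when the gap between them is shorter than the window: `first_batch_size(5, 500)` returns 3, while `first_batch_size(200, 20)` returns 1.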
