
    RE: FCIP iFCP encapsulation proposal



    Doug,
    
    The binary image is of ethernet frames.  It requires the existence
    of a matching TCP/IP connection with matching TCP headers,
    including pdu sequencing information, which is not knowable
    from the spoofer.  How are these delivered?  
    
    The same question is true for each of the other layers of the
    transfer, and the same unlikely scenario must be played back
    for each.  I just don't see such data being delivered by
    a responsible software layer.
    
    Bob
    
    >  -----Original Message-----
    >  From: Douglas Otis [mailto:dotis@sanlight.net]
    >  Sent: Wednesday, March 14, 2001 1:15 PM
    >  To: Robert Snively; Black_David@emc.com; ips@ece.cmu.edu
    >  Subject: RE: FCIP iFCP encapsulation proposal
    >  
    >  
    >  Bob,
    >  
    >  Without discussing spoofing where attackers successfully guess TCP
    >  sequences (made too easy in some cases), a binary image is stored and then
    >  legitimately sent as a payload, with the example being binary content of a
    >  debug analyzer.  In this case, headers contained within the payload could be
    >  seen as valid.  The valid header within the payload may fool a process that
    >  attempts to recover header synchronization following a dropped packet.  This
    >  header may carry the same information in current use and be acted upon or
    >  send the connection into error oblivion. It would appear to represent a
    >  weakness that can be exploited.  Dropped packets happen.
    >  
    >  Doug
    >
    >  
    >  
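
The resynchronization scenario discussed in this thread, as an added example that is not part of either message: a receiver that scans for the next header after losing bytes locks onto a header stored inside a legitimately sent payload. The 8-byte header layout (marker, length, header CRC), the function names and the sample bytes are assumptions made for illustration and are not the FCIP or iFCP encapsulation.

```python
import struct
import zlib

# Hypothetical 8-byte header: 2-byte marker, 2-byte payload length, CRC32 of
# those four bytes. This layout is assumed for illustration only.
MAGIC = b"\xfc\x1b"
HDR = struct.Struct(">2sHI")

def encapsulate(payload: bytes) -> bytes:
    head = MAGIC + struct.pack(">H", len(payload))
    return head + struct.pack(">I", zlib.crc32(head)) + payload

def header_at(buf: bytes, off: int):
    """Return the payload length if a self-consistent header starts at off."""
    if off + HDR.size > len(buf):
        return None
    magic, length, crc = HDR.unpack_from(buf, off)
    if magic != MAGIC or crc != zlib.crc32(buf[off:off + 4]):
        return None
    return length

def resync(buf: bytes):
    """Scan for the first offset that parses as a header; return (off, payload)."""
    for off in range(len(buf) - HDR.size + 1):
        length = header_at(buf, off)
        if length is not None and off + HDR.size + length <= len(buf):
            body = off + HDR.size
            return off, buf[body:body + length]
    return None

def demo():
    # Constructed data: a stored analyzer trace that contains an old frame,
    # sent legitimately as the payload of frame 1, followed by frame 2.
    recorded = encapsulate(b"OLD-COMMAND")
    trace = b"trace-prefix:" + recorded + b":trace-suffix"
    stream = encapsulate(trace) + encapsulate(b"NEXT-REAL-FRAME")
    intact = resync(stream)          # framing still aligned: offset 0
    damaged = stream[10:]            # frame 1's real header is gone
    fooled = resync(damaged)         # scanner locks onto the recorded header
    return intact, fooled

if __name__ == "__main__":
    intact, fooled = demo()
    print("aligned  :", intact[0], intact[1][:13])
    print("after gap:", fooled[0], fooled[1])
```

The header CRC passes in both cases, so a scanner that checks only whether a header is self-consistent cannot tell the recorded header from a live one.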
    



Last updated: Tue Sep 04 01:05:19 2001