Re: ICMP spoofed source tunneling
In-Reply-To: <20040922203047.GA16153@xxxxxxxxx>
>On Wed, Sep 22, 2004 at 10:06:40AM -1000, Tim Newsham wrote:
>> How does this give anonymity? When sending to the server, I must use the
>> server's address as a source address. When the server replies to me, it
>> must use my address as a source address.
>
>Yes - you cannot use this in both directions:
>
> - In the server->client direction, the server can spoof IP source
> addresses.
>
> - In the client->server direction, you need to use multi-level "anonymous
> proxying", as used by several current P2P implementations (Gnutella for
> queries, Freenet, GNUnet etc).
>
>The advantage of this is that the available bandwidth can be fully utilized
>in the server->client direction, but at the same time the server IP address
>can remain unknown to the client. With current P2P systems, server->client
>proxying significantly reduces the download bandwidth.
>
>In practice, implementing this will be fairly complicated because you end
>up re-implementing TCP over a highly asymmetric connection.

I remember a discussion (in German) about this some time ago, also discussing
congestion problems. See
http://www.heise.de/newsticker/foren/go.shtml?read=1&msg_id=2617169&forum_id=36041
Babelfish translated:
http://babelfish.altavista.com/babelfish/trurl_pagecontent?url=http%3A%2F%2Fwww.heise.de%2Fnewsticker%2Fforen%2Fgo.shtml%3Fread%3D1%26msg_id%3D2617169%26forum_id%3D36041&lp=de_en
Enjoy!
Hugo