[ntp:questions] Re: Strange IP flags set in NTP conversation
vjs at calcite.rhyolite.com
Wed Oct 15 03:35:05 UTC 2003
In article <RP6dnag0Mu3ADhGiRVn-uA at speakeasy.net>,
Michael Sierchio <kudzu at tenebras.com> wrote:
>> Do you have an exgesis of DS RFCs showing 0x10 is invalid?
>When looked at as a DS field, the upper six bits are the differentiated
>services code, and 0x04 is undefined. 0x04 in the upper six bits is
>the same as 0x10 in the byte if I have counted my bits correctly. I
>suppose I shouldn't look at these for UDP anyway. But there is malware
>that uses these as a subliminal channel.
I have vague recollections to the effect that the official DS values
were chosen to be different from the old TOS values. Section 4 of
RFC 2474 seeems to support those fuzzy memories.
>> There are plenty of routers that honor the old TOS values.
>I suppose those same routers don't handle explicit congestion
I'd rather not say, since I'd be guessing. What does RFC 1812 say?
I do have other vague recollections that the TCP/IP ECN bits were also
chosen to not collide with the TOS values.
Vernon Schryver vjs at rhyolite.com
More information about the questions