On 2 Sep 2001, at 9:37, Tim May wrote:
Since I haven't noticed anyone else point this out (apologies for my redundancy if I just somehow missed it), it's worth mentioning that the original result was more of a "gee whiz, it's interesting we can do this in principle" type of thing than an actual threat of something anybody would ever actually do. Yes, you can trick a remote host into performing calculations for you with a specially prepared message, but it requires a hell of a lot more effort to prepare the message than it would to perform the calculation yourself.
Why would you think this is always so?
Gut hunch.
It would not take much effort to arrange a computation that consumed a lot of CPU cycles and returned a result, once one has gotten access to a remote machine. The case of the corporate employee using machines he could access to compute a screensaver/P2P job for a possible winning payoff comes to mind. Granted, he may have had permissions to access these machines, but the general point is that someone who got past these permissions could have done the same compute-intensive thing.
I was referring to the specific type of exploit where the "parasite" is abusing the TCP checksum. I suspect the same result is likely to hold with attempts to exploit other protocols. Obviously, if an attacker "owns" your machine, that's a completely different kettle of fish.
I see no reason to believe that "it requires a hell of a lot more effort to prepare the message than it would to perform the calculation yourself."
Sometimes it does, sometimes it doesn't.
Right, and I suspect I have a fair idea which is which. If you can get a remote host to execute arbitrary code, with loops and branches, or to evaluate complicated functions, then it may be worth your while to do it. If all you can do is get it to add up a list of numbers, then it's almost certainly going to be easier to just do the addition yourself. If there's also a bunch of extra effort required to turn an abstract problem into a series of addition problems, the advantage of solving the problem yourself (without this intermediate step) is even greater.
George
--Tim May
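The "add up a list of numbers" comparison in the exchange above can be made concrete with the Internet checksum that TCP uses. This is an added example, not code from the thread: it implements the RFC 1071 ones' complement sum with an addition counter, so the work of preparing a valid checksum can be set beside the work the receiver does to check it. The function names and the sample words are constructed for illustration.

```python
# Added illustration: RFC 1071 Internet checksum (as used by TCP), with a
# counter for the 16-bit additions each side performs.

def ones_complement_sum(words):
    """Return (16-bit ones' complement sum, number of additions performed)."""
    total, adds = 0, 0
    for w in words:
        total += w
        total = (total & 0xFFFF) + (total >> 16)  # end-around carry
        adds += 1
    return total, adds

def make_checksum(words):
    """Sender side: the checksum field is the complement of the data sum."""
    s, adds = ones_complement_sum(words)
    return (~s) & 0xFFFF, adds

def verify(words, checksum):
    """Receiver side: data words plus checksum must sum to 0xFFFF."""
    s, adds = ones_complement_sum(list(words) + [checksum])
    return s == 0xFFFF, adds

def compare_costs(words):
    """Additions needed to prepare a message vs. additions needed to check it."""
    checksum, sender_adds = make_checksum(words)
    ok, receiver_adds = verify(words, checksum)
    return {"valid": ok, "sender_adds": sender_adds,
            "receiver_adds": receiver_adds}

# Constructed sample: ten 16-bit words standing in for a message body.
SAMPLE_WORDS = [0x4500, 0x0030, 0x4422, 0x4000, 0x8006,
                0x0000, 0x8C7C, 0x19AC, 0xAE24, 0x1E2B]

if __name__ == "__main__":
    print(compare_costs(SAMPLE_WORDS))
    # A message whose data does not match its checksum is rejected.
    tampered = [SAMPLE_WORDS[0], 0x0031] + SAMPLE_WORDS[2:]
    print(verify(tampered, make_checksum(SAMPLE_WORDS)[0]))
```

For n data words the sender performs n additions to fill in the checksum field and the receiver performs n + 1 to validate it, so the check itself amounts to one short pass of 16-bit additions.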