Re: ports in the clear...
Tatu,
Actually, the poor IP TOS field has an inglorious history of having been
somewhat useless. The original definition never had very much use. The more
current separation of precedence, etc., may have a bit more utility, though
the fact that it is set at the end station (and, therefore, of dubious
correctness) is a bit troubling. (You might look at Christian Huitema's
"Routing in the Internet", section 3.3.2, for a *very* brief discussion.)
(The canonical danger is an e-mail program that advertises "I'll get your mail
there faster than that other e-mail program", and then does that by setting
bits in TOS.)
*One* advantage of looking at port numbers is that it scales, to some degree.
It also *may* reflect closer to what is actually going on (i.e., this really
*is* a telnet session; unless, of course, the two ends are conspiring). (For
some of the background, you might want to look at Floyd, S., and Jacobson, V.,
Link-sharing and Resource Management Models for Packet Networks. IEEE/ACM
Transactions on Networking, Vol. 3 No. 4, pp. 365-386, August 1995.)
(But, you are right, by doing this, when you field a new "application", you
need to add new administrative configuration information to routers.)
Sorry, though, for hijacking ipsec for *this* more packet management
discussion.
Greg
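The trust problem described above, as an added example that is not part of Greg's message: a router that believes the end-station TOS byte lets a mail client mark itself high precedence, whereas a port-based classifier at the ingress router assigns precedence from an administrative table and overwrites whatever the host wrote. The port table, addresses and packets are constructed for illustration.

```python
import struct

# Constructed sample traffic (not from the original post): minimal IPv4 + TCP headers.
PORT_PRECEDENCE = {23: 6, 22: 6, 25: 1, 80: 3}  # hypothetical admin table: dst port -> precedence
DEFAULT_PRECEDENCE = 0

def ip_checksum(hdr: bytes) -> int:
    """Standard ones-complement sum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_packet(tos: int, dst_port: int) -> bytes:
    """IPv4 header (20 bytes, checksum filled in) followed by a bare TCP SYN header."""
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0, 64, 6, 0,
                               bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])))
    struct.pack_into("!H", ip, 10, ip_checksum(bytes(ip)))
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 0x50, 0x02, 65535, 0, 0)
    return bytes(ip) + tcp

def parse(pkt: bytes):
    """Return (tos, protocol, dst_port); dst_port is None unless the payload is TCP or UDP."""
    ihl = (pkt[0] & 0x0F) * 4
    tos, proto = pkt[1], pkt[9]
    dst_port = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0] if proto in (6, 17) else None
    return tos, proto, dst_port

def classify_by_port(pkt: bytes) -> int:
    """Precedence the router assigns from the port table, ignoring what the host wrote in TOS."""
    _, _, dst_port = parse(pkt)
    return PORT_PRECEDENCE.get(dst_port, DEFAULT_PRECEDENCE)

def remark_tos(pkt: bytes) -> bytes:
    """Rewrite the TOS byte at the trust boundary (precedence in bits 7-5) and fix the IP checksum."""
    ihl = (pkt[0] & 0x0F) * 4
    ip = bytearray(pkt[:ihl])
    ip[1] = classify_by_port(pkt) << 5
    struct.pack_into("!H", ip, 10, 0)
    struct.pack_into("!H", ip, 10, ip_checksum(bytes(ip)))
    return bytes(ip) + pkt[ihl:]

def verify_checksum(pkt: bytes) -> bool:
    """True when the header sums to zero, i.e. the rewrite left a valid IPv4 header."""
    ihl = (pkt[0] & 0x0F) * 4
    return ip_checksum(pkt[:ihl]) == 0

if __name__ == "__main__":
    # An SMTP client marking itself precedence 6 (TOS 0xC0) to jump the queue.
    greedy_mail = build_packet(0xC0, 25)
    print(hex(parse(greedy_mail)[0]), hex(parse(remark_tos(greedy_mail))[0]))  # 0xc0 0x20
```

Note that remarking only reflects the application when the port is honest; as the message says, two conspiring ends can run anything over port 23.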