Protocol Spoofing
   HOME

TheInfoList



Click Here for Items Related To - Protocol Spoofing
OR:
Protocol Spoofing on:   [Wikipedia]   [Google]   [Amazon]

Protocol spoofing is used in data communications to improve performance in situations where an existing
protocol Protocol may refer to: Sociology and politics * Protocol (politics), a formal agreement between nation states * Protocol (diplomacy), the etiquette of diplomacy and affairs of state * Etiquette, a code of personal behavior Science and technolog ...
is inadequate, for example due to long delays or high error rates.


Spoofing techniques

In most applications of protocol spoofing, a communications device such as a
modem A modulator-demodulator or modem is a computer hardware device that converts data from a digital format into a format suitable for an analog transmission medium such as telephone or radio. A modem transmits data by Modulation#Digital modulati ...
or router simulates ("spoofs") the remote endpoint of a connection to a locally attached host, while using a more appropriate protocol to communicate with a compatible remote device that performs the equivalent spoof at the other end of the communications link.


File transfer spoofing

Error correction and file transfer protocols typically work by calculating a
checksum A checksum is a small-sized block of data derived from another block of digital data for the purpose of detecting errors that may have been introduced during its transmission or storage. By themselves, checksums are often used to verify data ...
or CRC for a block of data known as a ''packet'', and transmitting the resulting number at the end of the packet. At the other end of the connection, the receiver re-calculates the number based on the data it received and compares that result to what was sent from the remote machine. If the two match the packet was transmitted correctly, and the receiver sends an ACK to signal that it's ready to receive the next packet. The time to transmit the ACK back to the sender is a function of the phone lines, as opposed to the
modem A modulator-demodulator or modem is a computer hardware device that converts data from a digital format into a format suitable for an analog transmission medium such as telephone or radio. A modem transmits data by Modulation#Digital modulati ...
's speed, and is typically about of a second on short links and may be much longer on long-distance links or data networks like
X.25 X.25 is an ITU-T standard protocol suite for packet-switched data communication in wide area networks (WAN). It was originally defined by the International Telegraph and Telephone Consultative Committee (CCITT, now ITU-T) in a series of drafts ...
. For a protocol using small packets, this delay can be larger than the time needed to send a packet. For instance, the
UUCP UUCP is an acronym of Unix-to-Unix Copy. The term generally refers to a suite of computer programs and protocols allowing remote execution of commands and transfer of files, email and netnews between computers. A command named is one of the prog ...
"g" protocol and Kermit both use 64-byte packets, which on a 9600 bit/s link takes about of a second to send. XMODEM used a slightly larger 128-byte packet, which takes about of a second to send. The next packet of data cannot be sent until the ACK for the previous packet is received. In the case of XMODEM, for instance, that means it takes a minimum of of a second for the entire cycle to complete for a single packet. This means that the overall speed is only half the theoretical maximum, a 50%
channel efficiency Network throughput (or just throughput, when in context) refers to the rate of message delivery over a communication channel, such as Ethernet or packet radio, in a communication network. The data that these messages contain may be delivered ove ...
. Protocol spoofing addresses this problem by having the local modem recognize that a data transfer is underway, often by looking for packet headers. When these are seen, the modem then looks for the end of the packet, normally by knowing the number of bytes in a single packet. XMODEM, for instance, has 132 bytes in a packet due to the header and checksum being added to the 128 bytes of actual data. When the modem sees the packet has ended, it immediately sends of spoofed ACK message back to the host. This causes the local computer to immediately send another packet, avoiding the latency of waiting for an ACK from the remote machine. The data for multiple packets is held in an internal buffer while the modem is sending it to the remote machine. This allows the packets to be sent continually, greatly improving channel efficiency. However, this also requires the link between the two systems to be error-free, as the modem has already ACKed the packets even before they have been sent. This was normally addressed by using a modem-level error correction protocol, like
Microcom Networking Protocol The Microcom Networking Protocols, almost always shortened to MNP, is a family of error-correcting protocols commonly used on early high-speed (2400 bit/s and higher) modems. Originally developed for use on Microcom's own family of modems, the prot ...
s. Protocol spoofing was also widely used with another feature of earlier high-speed modems. Before the introduction of
echo cancellation Echo suppression and echo cancellation are methods used in telephony to improve voice quality by preventing echo from being created or removing it after it is already present. In addition to improving subjective audio quality, echo suppression i ...
in
v.32 V3 or V03 may refer to: Medicine * Mandibular nerve, (V3),division of the trigeminal nerve * ATC code V03, a subgroup of the Anatomical Therapeutic Chemical Classification System * Area V3 of the visual cortex * V3, one of six precordial leads in ...
and later protocols, high-speed modems typically had a very slow "backchannel" for sending things like these ACKs back to the sender. On the ~18,500 bit/s
TrailBlazer A trailblazer is a person who is paving the way in their particular field for future generations. Trailblazer may refer to: Sports * Derby Trailblazers, a British semi-professional basketball team * North Carolina Trailblazers, a US women's rec ...
, for instance, the modem could send as many as 35 UUCP packets a second to the receiver, but the backchannel offered only 75 bit/s, not nearly enough for the 35 bytes, 280 bits, of ACK messages generated by the remote host. In this case, the spoofing allowed the sending modem to continue sending packets as fast as it could. At the same time, the modem on the remote receiving end dropped the ACK packets being generated by the local computer's software, keeping the backchannel clear. Since the channel efficiency only became a major problem at speeds over 2400 bit/s, and modems able to run faster than that typically had significant processing power anyway, protocol spoofing was mostly associated with these higher-speed systems.


TCP spoofing

TCP connections may suffer from performance limitations due to insufficient window size for links with high
bandwidth-delay product In data communications, the bandwidth-delay product is the product of a data link's capacity (in bits per second) and its round-trip delay time (in seconds). The result, an amount of data measured in bits (or bytes), is equivalent to the maxim ...
, and on long-delay links such as those over
GEO Geo- is a prefix derived from the Greek word ''γη'' or ''γαια'', meaning "earth", usually in the sense of "ground or land”. GEO or Geo may also refer to: Arts, entertainment, and media * ''GEO'' (magazine), a popular scientific magazine ...
satellites, TCP's slow start algorithm significantly delays connection startup. A spoofing router terminates the TCP connection locally and translates the TCP to protocols tailored to long delays over the satellite link such as XTP.


RIP/SAP spoofing

SAP and RIP periodically broadcast network information even if routing/service tables are unchanged. dial-on-demand WAN links in
IPX Internetwork Packet Exchange (IPX) is the network layer protocol in the IPX/SPX protocol suite. IPX is derived from Xerox Network Systems' IDP. It also has the ability to act as a transport layer protocol. The IPX/SPX protocol suite was very p ...
networks therefore never become idle and won't disconnect. A spoofing router or modem will intercept the SAP and RIP broadcasts, and re-broadcast the advertisements from its own routing/service table that it only updates when the link is active for other reasons.


See also

*
TCP Westwood TCP Westwood (TCPW) is a sender-side-only modification to TCP New Reno that is intended to better handle large bandwidth-delay product paths (large pipes), with potential packet loss due to transmission or other errors (leaky pipes), and with dyn ...
*
TCP tuning TCP tuning techniques adjust the network congestion avoidance parameters of Transmission Control Protocol (TCP) connections over high-bandwidth, high- latency networks. Well-tuned networks can perform up to 10 times faster in some cases. Howev ...


External links


UUCP `g' Protocol
* {{DEFAULTSORT:Protocol Spoofing Spoofing