Re: [hybi] Different server semantics of CONNECT

Zhong Yu <zhong.j.yu@gmail.com> Sat, 04 December 2010 20:49 UTC

Date: Sat, 04 Dec 2010 14:50:19 -0600
Message-ID: <AANLkTikWS4Ab6OTnQ408Ge8h8=Ppawh_Q7rCOB4OOzpJ@mail.gmail.com>
From: Zhong Yu <zhong.j.yu@gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: hybi@ietf.org, Greg Wilkins <gregw@intalio.com>
Subject: Re: [hybi] Different server semantics of CONNECT

On Sat, Dec 4, 2010 at 2:20 PM, Eric Rescorla <ekr@rtfm.com> wrote:
>
>
> On Sat, Dec 4, 2010 at 7:46 AM, Greg Wilkins <gregw@intalio.com> wrote:
>>
>> On 4 December 2010 15:07, Eric Rescorla <ekr@rtfm.com> wrote:
>> > It's not clear to me why you think this would create a systematic error.
>> > It's not like the ad network knows the results of the campaign; it just
>> > gives you impressions.
>>
>> I don't know what ad service you used, but many will attempt to place
>> an ad on a relevant page. So if your ad was for something technical,
>> it may get placed on pages that are more likely to be viewed by Firefox
>> behind a company firewall. If it was for flower arrangements, it would
>> more likely be displayed on IE behind home routers. More
>> importantly, some ad services will "learn" as they go and change where
>> they place an ad, so some experiments run after others may see
>> different environments. Either way - it's just an idea that might
>> explain some variation in the absolute numbers - but would not detract
>> significantly from the findings of the paper.
>
>
>>
>> > What details is it you would like to know about that you think aren't
>> > in the paper?
>>
>> I'd like to see the actual bytes sent on the wire by the client and
>> server.   Specifically, I'd like to know if you sent the -76 random
>> bytes after the GET+Upgrade request.  If possible, it would be good to
>> know the value of the random bytes sent for the runs that succeeded in
>> poisoning the cache and for the runs where POST poisoned the cache,
>> but GET+upgrade did not.
>
> There were no random bytes.
> The message was essentially as described in III(B)(1)

So in the POST experiment, the bytes are

    POST /path/of/attackers/choice HTTP/1.1
    Host: host-of-attackers-choice.com
    Sec-WebSocket-Key: <connection-key>

    GET /script.php/<random> HTTP/1.1
    Host: target.com

In 1376 cases the 2nd request was routed to target.com, presumably
because some interceptors parsed it as an HTTP request, and routed it
based on Host.

In the Upgrade experiment, the bytes are

    GET /path/of/attackers/choice HTTP/1.1
    Host: host-of-attackers-choice.com
    Connection: Upgrade
    Sec-WebSocket-Key: <connection-key>
    Upgrade: WebSocket

    GET /script.php/<random> HTTP/1.1
    Host: target.com

In only 1 case was the 2nd request routed to target.com. This
experiment was apparently done in the same ad display as the POST
experiment, and the bytes passed over the same intermediaries.

Don't you find that odd? How do you explain the difference?

- Zhong
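As an added illustration that is not part of the original thread or of the paper it discusses: a toy model of how an intercepting proxy splits the two byte streams quoted above into requests and routes each by its Host header, contrasting a naive intermediary (which keeps parsing after the Upgrade request) with an Upgrade-aware one (which stops interpreting the stream as HTTP). Host names and paths are the placeholders from the message; treating a POST without Content-Length as body-less is an assumption of the model.

```python
# Added example, not code from the thread or the paper. A "naive" intermediary
# keeps parsing the client stream as HTTP requests and routes each by Host; an
# "upgrade-aware" one stops once a request asks for Connection: Upgrade and
# treats the rest as opaque (a real proxy would also wait for the origin's 101
# before tunnelling). Host names are the placeholders used in the message.

def parse_requests(stream: bytes, upgrade_aware: bool):
    """Return (routed, opaque): routed is a list of (method, path, host)
    tuples the intermediary would forward; opaque is whatever trailing bytes
    it declines to interpret. Requests without Content-Length are body-less
    here, so the next bytes on the connection start a new request."""
    routed, rest = [], stream
    while rest:
        head, sep, rest = rest.partition(b"\r\n\r\n")
        if not sep:
            break  # incomplete request head: a proxy would wait for more bytes
        lines = head.split(b"\r\n")
        method, path, _version = lines[0].split(b" ", 2)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower()] = value.strip()
        routed.append((method.decode(), path.decode(),
                       headers.get(b"host", b"").decode()))
        if upgrade_aware and b"upgrade" in headers.get(b"connection", b"").lower():
            return routed, rest  # tunnel mode: stop parsing the stream as HTTP
    return routed, b""


def routed_hosts(stream: bytes, upgrade_aware: bool):
    """Hosts the intermediary would route to, in order."""
    return [host for _m, _p, host in parse_requests(stream, upgrade_aware)[0]]


# Constructed byte streams matching the two experiments quoted in the message.
POST_STREAM = (
    b"POST /path/of/attackers/choice HTTP/1.1\r\n"
    b"Host: host-of-attackers-choice.com\r\n"
    b"Sec-WebSocket-Key: <connection-key>\r\n\r\n"
    b"GET /script.php/<random> HTTP/1.1\r\nHost: target.com\r\n\r\n"
)
UPGRADE_STREAM = (
    b"GET /path/of/attackers/choice HTTP/1.1\r\n"
    b"Host: host-of-attackers-choice.com\r\n"
    b"Connection: Upgrade\r\n"
    b"Sec-WebSocket-Key: <connection-key>\r\n"
    b"Upgrade: WebSocket\r\n\r\n"
    b"GET /script.php/<random> HTTP/1.1\r\nHost: target.com\r\n\r\n"
)
```

Running `routed_hosts(UPGRADE_STREAM, True)` yields only the attacker's host, while the naive variant and both POST variants also route to target.com, which is the difference between the two experiments the message asks about.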