April 7, 1999
3085 ENG II
In attendance:
Matt Bishop (MB), Tuomas Aura (TA), John Hughes (JH), Nick Puketza (NP) and Steven Templeton (ST)

    1. Matt has talked to Russ about an OC3 machine that can be used to try out the TCP protocol vulnerabilities
    2. WATCHERS protocol
      1. JH: Nodes won't do conservation analysis on links - can cheat
      2. Assumptions:
        1. Topology can't be changed.
        2. Spoofing can be detected at higher levels.
        3. Both A & B have to be crooked
      3. One malicious router (A) can pretend to be B
      4. NP: Ethernet spoofing - malicious host could send packets, forge the Ethernet address, drop bits on the wire.
      5. Does WATCHERS consider external nodes?
        1. Router does provide an OS for a dumb terminal
        2. Remote host - not considered by WATCHERS
        3. NP: Routers smart enough to recognize source/destination for external nodes
          1. WATCHERS doesn't recognize external sources; doesn't update counters
            2. It makes more sense to assume the message originates from the router
            1. Only one path out of an autonomous system
            2. Any external connections go through one router
          3. Counters are final-destination specific
            1. A stupid receiver would be a way to defeat the protocol if counters are not final-destination specific
          4. Source address is part of message, not routing
          5. Is there a problem if you don't keep track of sources?
            1. Counters needed for 1 hop, 2 hops, etc. Need protection from two malicious routers
            2. General statement: Every router must be connected to one good router
            3. Might not need to know source and destination for each to detect bad router
            4. Separate the counter for each source/destination pair
          6. Does every router have to be a WATCHERS router or only where there is a critical link?
    3. Goals and Next Meeting
      1. Goal: Apply WATCHERS to DNS and other protocols
        1. Determine problems that matter at a higher level
        2. Assumptions that WATCHERS works on and how realistic are they?
      2. Next Meeting - Present writeups
        1. JH - write up address ring and approach to proving/solving it
        2. TA - write up splitting one node into two.
        3. NP - write up Ethernet spoofing
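The counter discussion under item 2 (neighbour-observed conservation of flow, the "stupid receiver" that defeats aggregate counters, and separate counters per source/destination pair) as an added simulation. This code is not from the meeting or from the WATCHERS authors; the topology (routers A, B, C with external host H behind C), the traffic volumes and the counter layout are constructed assumptions chosen to show why a router adjacent to at least one good router cannot hide a drop once counters are kept per flow.

```python
"""Conservation-of-flow check in the style of WATCHERS (added illustration,
not the protocol's own code).  Every router counts packets on its own links;
the check for router R uses only R's neighbours' counters, so R cannot
cover a drop by misreporting its own numbers (R must touch one good router)."""
from collections import defaultdict


class Router:
    def __init__(self, name, hosts=()):
        self.name = name
        self.hosts = set(hosts)          # external nodes reached only through this router
        self.sent = defaultdict(int)     # (neighbour, (src, dest)) -> packets sent on that link
        self.recv = defaultdict(int)     # (neighbour, (src, dest)) -> packets received on that link
        # Self-reported totals; only the aggregate check has to trust these.
        self.claimed_originated = 0
        self.claimed_delivered = 0


def transmit(a, b, flow, count):
    """Record `count` packets of flow (src, dest) crossing the link a -> b.
    Both ends count independently, as each router observes its own links."""
    a.sent[(b.name, flow)] += count
    b.recv[(a.name, flow)] += count


def neighbour_view(net, r, per_flow):
    """What r's neighbours saw: packets they sent into r and received from r."""
    inbound, outbound = defaultdict(int), defaultdict(int)
    for n in net.values():
        if n is r:
            continue
        for (nbr, flow), c in n.sent.items():
            if nbr == r.name:
                inbound[flow if per_flow else "all"] += c
        for (nbr, flow), c in n.recv.items():
            if nbr == r.name:
                outbound[flow if per_flow else "all"] += c
    return inbound, outbound


def check_conservation(net, per_flow=True):
    """Return the names of routers whose neighbour-observed flows do not balance."""
    bad = set()
    for r in net.values():
        inbound, outbound = neighbour_view(net, r, per_flow)
        if not per_flow:
            # One counter per link: a deficit can only be explained by the router's
            # own claim of local delivery, which a malicious router controls.
            if inbound["all"] + r.claimed_originated - r.claimed_delivered != outbound["all"]:
                bad.add(r.name)
            continue
        for flow in set(inbound) | set(outbound):
            src, dest = flow
            is_origin = src == r.name or src in r.hosts
            is_sink = dest == r.name or dest in r.hosts
            if is_origin or is_sink:
                continue  # endpoints of a flow may legitimately create or consume it
            # A transit router must forward every packet of the flow it received.
            if inbound[flow] != outbound[flow]:
                bad.add(r.name)
    return bad


def build_scenario(crooked=True):
    """Constructed topology A - B - C, host H attached to C.  A originates
    100 packets for H and 50 for C; B forwards them.  A crooked B drops 30
    H-bound packets and books them as delivered locally (a 'stupid receiver')."""
    net = {"A": Router("A"), "B": Router("B"), "C": Router("C", hosts={"H"})}
    A, B, C = net["A"], net["B"], net["C"]
    A.claimed_originated = 150
    transmit(A, B, ("A", "H"), 100)
    transmit(A, B, ("A", "C"), 50)
    dropped = 30 if crooked else 0
    transmit(B, C, ("A", "H"), 100 - dropped)
    transmit(B, C, ("A", "C"), 50)
    B.claimed_delivered = dropped       # the lie that makes aggregate counters balance
    C.claimed_delivered = 150 - dropped
    return net


if __name__ == "__main__":
    print("aggregate counters, crooked B :", check_conservation(build_scenario(True), per_flow=False))
    print("per-flow counters, crooked B  :", check_conservation(build_scenario(True), per_flow=True))
```

With aggregate counters the crooked B passes, because its claimed local delivery absorbs the deficit exactly as a legitimate receiver's would; with counters per (source, destination) pair B is flagged, since it is neither origin nor sink of the A to H flow and its neighbours saw 100 packets go in and 70 come out.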