Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
SC_TBITBLIND(1)		FreeBSD	General	Commands Manual	       SC_TBITBLIND(1)

     sc_tbitblind -- scamper driver to test systems for	resilience to blind
     TCP attacks.

     sc_tbitblind [-r] [-a addressfile]	[-A application] [-c completed-file]
		  [-l limit-per-file] [-o output-file] [-O options]
		  [-p scamper-port] [-t	log-file] [-T ttl] [-w wait-between]

     The sc_tbitblind utility provides the ability to connect to a running
     scamper(1)	instance and use that instance to test systems for resilience
     to	blind TCP attacks, with	the output written to a	file in	warts format.
     The utility tests a given system for regular TCP behavior,	and then tests
     the system	for response to	reset, SYN, and	data packets that could	have
     come from a blind attacker	because	the sequence number is not the next
     sequence number value expected by the receiver (the reset and SYN cases)
     or	the acknowledgment value covers	data ahead or behind the receiver's
     point in their sequence number space (the data cases).  The utility also
     tests the system's	response to a connection that advertises support for
     window scaling, TCP timestamps, and Selective Acknowledgments (SACK).

     The options are as	follows:

     -?	     prints a list of command line options and a synopsis of each.

     -a	addressfile
	     specifies the name	of the input file which	constists of a se-
	     quence of systems to test,	one system per line.

     -A	application
	     specifies the type	of application to simulate while testing the
	     system.  Options are HTTP and BGP.

     -c	completed-file
	     specifies the name	of a file to record IP addresses that have
	     been tested.

     -l	limit-per-file
	     specifies the number of tbit objects to record per	warts file,
	     before opening a new file and placing new objects.

     -o	output-file
	     specifies the name	of the file to be written.  The	output file
	     will use the warts	format.

     -O	options
	     allows the	behavior of sc_tbitblind to be further tailored.  The
	     current choices for this option are:
	       -  noshuffle: do	not shuffle the	order of the input list	or the
		  order	of the tests.

     -p	scamper-port
	     specifies the port	on the local host where	scamper(1) is accept-
	     ing control socket	connections.

     -r	     causes the	random number generator	used to	shuffle	tests be

     -t	log-file
	     specifies the name	of a file to log progress output from
	     sc_tbitblind generated at run time.

     -T	ttl  specifies the IP-TTL to use with the blind	TCP tests.

     -w	wait-between
	     specifies the length of time to wait between any two TCP tests to
	     one system.

     Use of this driver	requires a scamper instance listening on a port	for
     commands, which has been configured to use	the IPFW firewall rules	1 to
     100, as follows:

	   scamper -P 31337 -F ipfw:1-100

     To	test a set of web servers specified in a file named webservers.txt and
     formatted as follows:

	1, 1263
	1, 1263 2001:DB8::1
	1, 1263 2001:DB8::2

     the following command will	test all servers for resilience	to blind TCP
     attacks and record	raw data into webservers_00.warts, web-
     servers_01.warts, etc:

	   sc_tbitblind	-a webservers.txt -p 31337 -o webservers

     The webservers.txt	file is	required to be formatted as above.  The	format
     is: numeric ID to pass to tbit, a label for the webserver,	the size of
     the object	to be fetched, the IP address to contact, and the URL to use.

     To	test a set of BGP routers specified in bgprouters.txt and formatted as
     follows: 65000 65001

     the following command will	test all BGP routers for resilience to blind
     TCP attacks, without shuffling the	test order, waiting 180	seconds	be-
     tween tests, and record raw data into bgprouters_00.warts,	bg-
     prouters_01.warts,	etc:

	   sc_tbitblind	-a bgprouters.txt -p 31337 -o bgprouters -A bgp	-O
	   noshuffle -w	180

     The bgprouters.txt	file is	required to be formatted as above.  The	format
     of	that file is: IP address to establish a	BGP session with, and the ASN
     to	use.

     M.	Luckie,	R. Beverly, T. Wu, M. Allman, and k. claffy, Resilience	of
     Deployed TCP to Blind Attacks, Proc. ACM/SIGCOMM Internet Measurement
     Conference	2015.  scamper(1), sc_wartsdump(1), sc_warts2json(1), warts(5)

     sc_tbitblind was written by Matthew Luckie	<>.  Tiange
     Wu	contributed an initial implementation of the blind in-window TBIT test
     to	scamper, and Robert Beverly contributed	support	for testing BGP

FreeBSD	13.0		      September	19, 2015		  FreeBSD 13.0


Want to link to this manual page? Use this URL:

home | help