Warpd

The Protocol

Based on datagrams; the client will assemble a packet containing:

  • the current date (GMT)
  • the duration of the opening window
  • some optional fields
  • the integrity code (MD5 checksum)

    The packet will be AES encrypted with a secret key, known to both the client and the server. I believe that sharing a key between several different users is not a big deal for such a system. However, it is easy to use a mechanism based on some other information, such as a login name, to associate keys with physical persons.

    The server receives the packet, tries to decrypt it with the key, and checks that the integrity code is correct and that the current date matches, within a given tolerance, the date contained in the packet. If so, it issues a command that makes the services available (entries in the tcpd service or some real firewall control); otherwise the packet is ignored or logged. Each request is translated into an event: a single event is identified by a pair (client, service), where client is the client that requested the services and service is the port number. In this release we do not distinguish TCP from UDP, but this is really easy to extend. Whenever a packet matches the decoding scheme, we discard any pending event that refers to this (client, service). If the duration is 0, we immediately close the warped service. If the duration is != 0, we post an event with the given duration; when the event expires, the warped service is closed. Duration always refers to the current GMT time. Interesting points:

  • It should be difficult to scan for such a service, since it is datagram based (it is also possible to use some extra techniques to prevent an attacker from detecting such a system). nmap uses the following technique to do a UDP scan: it sends a 0-byte UDP packet; if the port is unbound, ICMP will return a "port unreachable" packet; otherwise, it assumes the port is open (from the nmap man page!). If we block *ALL* ICMP messages, we are OK. Otherwise, we can send back a fake ICMP packet also when the 0-byte datagram hits the port used by warpd (or anything else we cannot decrypt!)

  • If we use warpd to cover everything, the system appears non-existent, as if it were fully closed. It will be un-scannable, and will reveal its presence over the Net only when a carefully crafted packet reaches it. Of course, if we let ICMP go through, the presence of the system will be revealed.

    Cons:

  • It is difficult to understand remotely if a specific service is alive.
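The packet assembly, the server-side checks (decrypt, integrity code, date within tolerance) and the (client, service) event bookkeeping described under "The Protocol" above, written out as an added Go example; this is not warpd's own code or wire format. The byte layout, the AES mode (CTR with a random IV prepended; the page does not name a mode), the 30-second tolerance, the demo key and the sample client address are all assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/rand"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"time"
)

// Constructed demo key shared by client and server (the page's "secret key").
var sharedKey = []byte("0123456789abcdef")

// Assumed clock tolerance for the "current date matches" check.
const tolerance = 30 * time.Second

// Assumed plaintext layout (not warpd's real format):
//   [0:8] GMT time as unix seconds, big-endian; [8:12] duration in seconds;
//   [12:n] optional fields; [n:n+16] MD5 over the bytes before it.
const minPlain = 8 + 4 + md5.Size

// Build is the client side: assemble the packet, append the integrity code,
// and AES-encrypt the whole thing (CTR mode, random IV in front).
func Build(now time.Time, duration uint32, optional []byte) ([]byte, error) {
	var plain bytes.Buffer
	binary.Write(&plain, binary.BigEndian, uint64(now.UTC().Unix()))
	binary.Write(&plain, binary.BigEndian, duration)
	plain.Write(optional)
	sum := md5.Sum(plain.Bytes())
	plain.Write(sum[:])
	block, err := aes.NewCipher(sharedKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+plain.Len())
	if _, err := io.ReadFull(rand.Reader, out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCTR(block, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], plain.Bytes())
	return out, nil
}

// Request is what the server recovers from a packet that passed every check.
type Request struct {
	When     time.Time
	Duration uint32
	Optional []byte
}

// Parse is the server side: decrypt, verify the integrity code, then compare
// the packet date with the server clock within tolerance. Anything that fails
// is rejected (on the page: ignored or logged).
func Parse(pkt []byte, now time.Time) (*Request, error) {
	if len(pkt) < aes.BlockSize+minPlain {
		return nil, errors.New("short packet")
	}
	block, err := aes.NewCipher(sharedKey)
	if err != nil {
		return nil, err
	}
	plain := make([]byte, len(pkt)-aes.BlockSize)
	cipher.NewCTR(block, pkt[:aes.BlockSize]).XORKeyStream(plain, pkt[aes.BlockSize:])
	body, tag := plain[:len(plain)-md5.Size], plain[len(plain)-md5.Size:]
	if sum := md5.Sum(body); subtle.ConstantTimeCompare(sum[:], tag) != 1 {
		return nil, errors.New("bad integrity code")
	}
	when := time.Unix(int64(binary.BigEndian.Uint64(body[:8])), 0).UTC()
	if d := now.Sub(when); d > tolerance || d < -tolerance {
		return nil, errors.New("date outside tolerance")
	}
	return &Request{When: when, Duration: binary.BigEndian.Uint32(body[8:12]), Optional: body[12:]}, nil
}

// Key identifies an event: requesting client and port number (TCP and UDP are
// not distinguished, as in the page's release).
type Key struct {
	Client  string
	Service int
}

// Warden holds the pending close events, one per (client, service).
type Warden struct{ open map[Key]time.Time }

func NewWarden() *Warden { return &Warden{open: map[Key]time.Time{}} }

// Handle applies a verified request: any pending event for the same pair is
// discarded; duration 0 closes the service now, otherwise it stays open for
// duration seconds counted from the current GMT time.
func (w *Warden) Handle(k Key, r *Request, now time.Time) string {
	delete(w.open, k)
	if r.Duration == 0 {
		return "close"
	}
	w.open[k] = now.Add(time.Duration(r.Duration) * time.Second)
	return "open"
}

// Expire closes every service whose window has passed and returns those keys.
func (w *Warden) Expire(now time.Time) []Key {
	var closed []Key
	for k, exp := range w.open {
		if !now.Before(exp) {
			delete(w.open, k)
			closed = append(closed, k)
		}
	}
	return closed
}

func (w *Warden) IsOpen(k Key) bool { _, ok := w.open[k]; return ok }

func main() {
	now := time.Now().UTC()
	pkt, _ := Build(now, 60, []byte("user=alice")) // constructed optional field
	req, err := Parse(pkt, now)
	if err != nil {
		fmt.Println("rejected:", err)
		return
	}
	w := NewWarden()
	k := Key{Client: "192.0.2.10", Service: 22} // constructed client/service
	fmt.Println(w.Handle(k, req, now), "port", k.Service, "for", k.Client)
	fmt.Println("closed at +60s:", w.Expire(now.Add(60*time.Second)))
	_, err = Parse(pkt, now.Add(10*time.Minute)) // same packet replayed later
	fmt.Println("replay:", err)
}
```

Two points worth keeping in mind when reading this against the page: the MD5 integrity code sits inside the encryption and is a checksum, not a keyed authenticator, so a design built today would put an HMAC over the ciphertext instead; and the date tolerance only bounds replay to the tolerance window, it does not prevent a captured packet from being re-sent within it.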