Talk:Evil bit

Internet Low‑importance

	Internet portal This article is within the scope of WikiProject Internet, a collaborative effort to improve the coverage of the Internet on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.InternetWikipedia:WikiProject InternetTemplate:WikiProject InternetInternet articles
Low	This article has been rated as Low-importance on the project's importance scale.

Computing: Networking / Software Low‑importance

	This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles
Low	This article has been rated as Low-importance on the project's importance scale.
	This article is supported by Networking task force (assessed as Low-importance).
	This article is supported by WikiProject Software (assessed as Low-importance).

Internet culture Low‑importance

This article is within the scope of WikiProject Internet culture, a collaborative effort to improve the coverage of internet culture on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Internet cultureWikipedia:WikiProject Internet cultureTemplate:WikiProject Internet cultureInternet culture articles

Low

This article has been rated as Low-importance on the project's importance scale.

WikiProject Internet culture To-do:

Here are some tasks awaiting attention:

Article requests : View all requested internet culture articles
Expand : Pick an article from here or here
Photo : Category:Internet culture articles needing images
Stubs : All stubs are located here
Other : Category:Internet self-classification codes (!?); Try to get YouTube to FA; Tag all articles you find with {{WikiProject Internet culture}}
- See also Category:Internet culture articles needing attention

Untitled[edit]

I thought "evil bit" could also refer to the phenomenon in campy science fiction, in which an AI could turn from good to evil at the flip of a switch. --π! 21:22, 20 July 2006 (UTC)[reply]

Possible use for the field?[edit]

Wouldn't it be possible for intrusion detection software running on an Internet-facing firewall to use this field to indicate, on a local network, whether the packet is likely part of a possible intrusion? Has such a proposal been reported in a reliable source? --Damian Yerrick (☎) 18:25, 12 October 2006 (UTC)[reply]

This RFC is contradicting to other existing standards, which may render the whole internet inoperable, therefore it cannot be implemented. From the RFC, "Because NAT [RFC3022] boxes modify packets, they SHOULD set the evil bit on such packets. "Transparent" http and email proxies SHOULD set the evil bit on their reply packets to the innocent client host.", obviously it is common case in the network. Also, who can prove that the evil bit can be set correctly, hackers obvious don't want this evil bit to be set by themselves :-) . This is the point of this April Fool's RFC. See RFC 3751 — Omniscience Protocol Requirements, which is a very similar self-contradicting joke. --Leeyc0 (Talk) 03:50, 12 January 2007 (UTC)[reply]

Any known implementation in the wild?[edit]

Is there any trojan/worm/virus/spam that has been known to set this bit? I could easily imagine some hacker implementing it as a joke, knowing that no hardware will filter it. 129.42.208.182 18:25, 11 September 2007 (UTC)[reply]

To my knowledge: no, but i think nmap supports it. cavac (talk) 10:44, 26 May 2009 (UTC)[reply]

Expected behavior of network equipment[edit]

I'm the guy who ported the FreeBSD patch to FreeBSD 7 and did some tests. Most network equipment does indeed leave the bit "as is" (although some don't, which helps in identifying the operating systems used). The Bit is actually reserved for future use as an additional fragmentation option.

Therefore, my interpretation of the RFCs in respect to the correct handling of packets with this bit set would be thus: Network equipment that does NOT work with the payload should forward the packet as is (in the future, this might be a valid fragment of a packet), equipment that does work on the payload - like endpoints and high-level routing equipment - must drop the packets because they don't understand that fragmentation option (it's now undefined - when it's defined, that equipment will need a software/firmware update to handle the packets correctly). Network equipment that drops the packet should also respond with ICMP type 12 code 0 packet (Parameter Problem: Bad IP header / Pointer indicates the error) with the pointer set to the FLAGS field... While that seems to be indicated by the various RFC's, it's not written down like that (e.g. original research). If i put a documentation about that on my homepage, would this still count as original research, even though i'm the guy who wrote big parts of the code? cavac (talk) 10:44, 26 May 2009 (UTC)[reply]

Synonym or Metaphor?[edit]

The article uses the word synonym where metaphor might be more appropriate.

I don't know enough about editing etiquette to start editing main text and invoking reversion engines and all that. — Preceding unsigned comment added by Hicksw (talk • contribs) 15:51, 5 July 2018 (UTC)[reply]