:Evil bit
{{short description|Fictional IPv4 header field indicating malicious intent}}
{{use mdy dates|date=September 2021}}
{{third-party|date=August 2015}}
The evil bit is a fictional IPv4 packet header field proposed in a humorous April Fools' Day RFC from 2003,{{Ref RFC|3514}} authored by Steve Bellovin. The Request for Comments recommended that the last remaining unused bit, the "Reserved Bit"{{Cite web|url=https://countuponsecurity.com/2013/04/01/the-evil-bit/|title=The Evil Bit|last=Rocha|first=Luis|date=2013-04-01|website=Count Upon Security|access-date=2016-05-09}} in the IPv4 packet header, be used to indicate whether a packet had been sent with malicious intent, thus making computer security engineering an easy problem{{snd}} simply ignore any messages with the evil bit set and trust the rest.
Impact
Research conducted in 2015 by network engineer Ben Cartwright-Cox revealed that a number of popular websites (436 websites out of Alexa 20k at the time), such as those belonging to several universities and banks, to antivirus provider Kaspersky, and to remote desktop software provider TeamViewer, respect the "evil bit" by dropping the inbound request, making them compliant with RFC 3514.{{cite web |title=I may be the only evil (bit) user on the internet |url=https://blog.benjojo.co.uk/post/evil-bit-RFC3514-real-world-usage |website=blog.benjojo.co.uk |access-date=13 September 2024}}
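The following is an added example, not code from RFC 3514 or from the cited research. It parses an IPv4 header, reports whether the reserved bit (the high-order bit of the flags/fragment-offset word) is set, and clears it with a recomputed header checksum, which is useful when diagnosing why a path drops otherwise valid packets. The function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import struct

RESERVED_FLAG = 0x8000  # high-order bit of the 16-bit flags/fragment-offset word


def checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: bytes, dst: bytes, evil: bool) -> bytes:
    """Constructed sample input: a 20-byte IPv4 header with no options."""
    flags = RESERVED_FLAG if evil else 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 1, flags, 64, 6, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def inspect_header(packet: bytes) -> dict:
    """Parse an IPv4 header and report the state of the reserved bit."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    header = packet[:ihl]
    (frag_word,) = struct.unpack("!H", header[6:8])
    return {
        # A header that includes a correct checksum sums to zero.
        "checksum_ok": checksum(header) == 0,
        "reserved_bit": bool(frag_word & RESERVED_FLAG),
        "dont_fragment": bool(frag_word & 0x4000),
        "more_fragments": bool(frag_word & 0x2000),
        "fragment_offset": frag_word & 0x1FFF,
    }


def scrub(packet: bytes) -> bytes:
    """Clear the reserved bit and recompute the checksum (normalizer behaviour, assumed)."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    hdr[6] &= 0x7F               # reserved bit is the top bit of byte 6
    hdr[10:12] = b"\x00\x00"     # checksum field must be zero while summing
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]
```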
Influence
The evil bit has become a synonym for all attempts to seek simple technical solutions for difficult human social problems which require the willing participation of malicious actors, in particular efforts to implement Internet censorship using simple technical solutions.
As a joke, FreeBSD implemented support for the evil bit that day, but removed the changes the next day.[http://lists.freebsd.org/pipermail/cvs-all/2003-April/001098.html Implementation], [http://lists.freebsd.org/pipermail/cvs-all/2003-April/001295.html removal] A Linux patch implementing the iptables module "ipt_evil" was posted the next year.{{Cite web |url=http://lists.netfilter.org/pipermail/netfilter-devel/2004-April/014854.html |title=ipt_evil, kernel part |access-date=2011-01-01 |archive-date=2011-02-02 |archive-url=https://web.archive.org/web/20110202194608/http://lists.netfilter.org/pipermail/netfilter-devel/2004-April/014854.html |url-status=dead }} Furthermore, a patch for FreeBSD 7 is available,{{Cite web |url=http://unix.derkeiler.com/Mailing-Lists/FreeBSD/hackers/2008-04/msg00071.html |title=RFC3514 for FreeBSD7 |access-date=2013-12-26 |archive-date=2009-02-18 |archive-url=https://web.archive.org/web/20090218161455/http://unix.derkeiler.com/Mailing-Lists/FreeBSD/hackers/2008-04/msg00071.html |url-status=dead }} and is kept up-to-date.
There is an extension for the XMPP protocol inspired by the evil bit.{{Cite web |url=http://xmpp.org/extensions/xep-0076.html |title=XEP-0076: Malicious Stanzas |archive-date=2013-04-16 |archive-url=https://archive.today/20130416055855/http://xmpp.org/extensions/xep-0076.html |url-status=live |last1=Saint-Andre |first1=Peter |last2=Hildebrand |first2=Joe |date=2003-04-01}}
This RFC has also been quoted in the otherwise completely serious RFC 3675, ".sex Considered Dangerous", which may have caused the proponents of .xxx to wonder whether the Internet Engineering Task Force (IETF) was commenting on their application for a top-level domain (TLD){{snd}} the document was not related to their application.{{Cite news|url=http://www.circleid.com/posts/adult_related_tlds_considered_dangerous|title=Adult-Related TLDs Considered Dangerous|access-date=2017-07-06|language=en}}
For April Fools' Day 2010, Google added an &evil=true parameter to requests through the Ajax APIs.{{Cite web|url=http://googleajaxsearchapi.blogspot.co.uk/2010/03/helping-you-help-us-help-you.html|title=Helping you help us help you|website=googleajaxsearchapi.blogspot.co.uk|access-date=2017-02-19}}
A patch to add compatibility for
See also
References
{{Reflist}}
{{IETF RFC 1st april}}
Category:April Fools' Day jokes