rik June 27, 2008 7:26 AM

A seeded honeypot could be used to spoof the protocol and cause the packets to get dropped.

John June 27, 2008 8:20 AM

This does not appear to be a security problem with the protocol described in RFC 1149.
It a bit like blaming the telephone system when its used by criminals.

Tangerine Blue June 27, 2008 8:27 AM

adequate fencing will prevent the
protocol from running
They tried an air gap – it didn’t help.

But using CAT-5 seems to take care of it.

derf June 27, 2008 8:53 AM

What? A Pigeon carrying a jumbo frame?

It could grip it by the husk!

It’s not a question of where he grips it! It’s a simple question of weight ratios!

Wait a minute! Supposing two Pigeons carried it together?

No, they’d have to have it on a line.

Well, simple! They’d just use a strand of creeper!

What, held under the dorsal guiding feathers?

Well, why not?

Lewis Donofrio June 27, 2008 9:13 AM

Bogwitch – I believe its no more than 256 milligrams

* Q: What is the typical MTU for an RFC 1149 transmission?
* A: From RFC 1149, Carrier Pigeon Internet Protocol: “The MTU is variable, and paradoxically, generally increases with increased carrier age. A typicall MTU is 256 milligrams”
* Credit: Joe Nygard

–Happy Friday…
__________________________________Lewis Donofrio Sr. Windows / Unix Systems Administrator 734-355-0592

J.D. Abolins June 27, 2008 9:18 AM

One of the classic counter-measures against carrier pigeons was using falcons.

As for C. Roy’s question about carrier pigeons being extinct. The birds aren’t but the use of the birds for routine delivery of messages is generally gone.

I recollect Switzerland being the last country to disband its military carrier pigeon unit. That was in the mid-1990s. One Swiss soldier reported said that the pigeons did have their advantages. If captured while transporting a pgieon, the soldier could claim he was transporting a pet or livestock. Also, if one was facing starvation, one can eat the pigeon, not so with an electronic communications device.

Dave B. June 27, 2008 9:22 AM

@C. Roy
You’re thinking of the Passenger Pigeon.

Yeah, that was my first thought, but then I realised that the vulnerability was that the prison guards discovered the transactions.

Also, you’d need a serious pigeon launch capability to implement a Ping of Death DoS.

jeff June 27, 2008 9:49 AM

@Dave B.

Launching a DOS would be a lot easier with a good botnet, but I expect that even the average consumer would recognize when their system was being used for that. The pigeon crap on their keyboard would be a dead giveaway.


boo lee han June 27, 2008 10:05 AM

But the REAL question is :

can it carry a large tube of toothpaste or not ?

that, freaks me out!

aikimark June 27, 2008 11:10 AM

I prefer OWLs, Hawks, and Falcons to an electronic distress sound generator. Carefully placed rubber snakes also make a good deterrent.

Roxanne June 27, 2008 11:15 AM

The real question is whether or not it could carry a thumb drive across the border. So much for seizing that laptop….

Anonymous June 27, 2008 12:14 PM

Need a way to share a secret key? Use this method with a tamper-evident seal. Place a USB key with 2GB of random text and use the XOR function for unbreakable encryption. If an attacker only was looking at the network, they would be out of luck.

Clive Robinson June 27, 2008 12:39 PM

All this talk of DoS attacks with pigeons reminds me of the Alfred Hitchcock movie “The Birds” which is just plain scary…

Because he for saw the perfect answer to Bruce’s security theater competition when Bruce was (possibly) still in nappies.


Anonymous June 27, 2008 1:10 PM

@John: This does not appear to be a security problem with the protocol described in RFC 1149.

It’s not a problem for the traffic carried via RFC1149. However, it shows that RFC1149 implementations have a covert channel which an attacker can leverage.

You might also be able to detect if the covert channel is in use because of congestion between the legitimate and covert payloads. But a smart attacker will limit their payload so that you don’t see any noticeable effect.

Chris S June 27, 2008 1:14 PM

From the article…

“Officers were alerted to the scheme at a prison near Sao Paulo, when they noticed some of the birds experiencing difficulty flying.”

A-ha! They did detect congestion caused by the covert payload!!!

bobchs June 27, 2008 2:33 PM

@ Andrea S.

If the Internet itself is the addictive thing (and I think it may be) encryption would be counter-productive.

Josh O June 27, 2008 4:02 PM

Uh Oh, Steve. with that double post, now we all know that you’ve been the one making all those “anonymous” comments all these years.

Rocketman June 27, 2008 6:43 PM

Wouldn’t the “shot blast” effect be an effective DoS (Dead or Scared) attack.

You aim your packet generation device at a vulnerable point along the carrier path and activate it when you detect traffic. I would suggest a point near the route endpoint being most effective due to the lack of intelligence on the origin of the packet and the concentrating effect of the single destination. The route endpoint is also closer to home comforts and so has fewer logistical issues.

A packet collision will cause effective carrier loss and provide data to analyze. Even a miss will most probably disrupt the carrier due to the built in Carrier Integrity Preservation System (CIPS). This weakness due to carrier self preservation is further enhanced due to its long term memory capabilities and Forward Looking Collision Avoidance. (FLCA*)

What is open for debate is the selection of packet size for the DoS attack. Due to the low carrier bandwidth and small packet size of the payload I would recommend smaller offensive packets with higher dispersal (bird shot).

  • FLCA is an enhancement on FEC. It is designed to preserve the carrier rather than the integrity of the payload so that the channel stays open for retries. Unfortunately the engineers did not foresee the effects of CIPS.

ekstrom June 27, 2008 7:04 PM

I just read in AOPA Pilot (magazine) that the first air-to-air military combat was in 1870 (Franco-Prussian war) when the Prussians deployed trained hawks against French battlefield communications performed according to RFC1149

Andrew June 28, 2008 9:48 AM

1) Micro SD card.

2) RFC 1149 protocol discovered to be surprisingly robust in defeating certain wireless countermeasures.

3) RFC 1149 protocol able to defeat certain wired countermeasures, including barbed wire and razor wire.

4) Excess packet size can result in dropped packets.

Fredlicious June 29, 2008 5:16 AM

A firewall would bring multiple benefits: no more contraband, and the guards get roast pigeon for dinner…

LDL June 29, 2008 9:03 AM

I love it! I remember the first time I read that RFC and thought that
someday someone would exploit it. I just don’t understand how the
media (birds) are trained in this scenario… the problem seems to me
how do you get the bi-directional flow? I can understand inbound or
outbound traffic… but bidirectional seems hard to achieve.

me too, laughing June 30, 2008 6:46 AM


So, following a proven official procedure, should now be punished everybody selling magazines containing photos so that these cigarette terrrists won’t be able to continue their mishaps

Roger June 30, 2008 7:43 AM


Use this method with a tamper-evident seal.

Unless we make assumptions about the limitations of the attacker’s manufacturing capabilities, a tamper-evident seal requires either that the device be verified by the same person who applied it (not so useful for sending messages), or that there exists a secret pre-shared between applier and verifier. Otherwise, the attacker can just substitute the whole device, with a fresh seal.

Place a USB key with 2GB of random text and use the XOR function for unbreakable encryption.

Sorry Steve, a Flash drive is a terrible way to implement a one-time pad. One of the necessary design features of a OTP is the ability to irrevocably erase key stream as soon as it is used. But because of wear levelling algorithms, it is difficult to overwrite data on a flash memory device; from the file system level, the only guaranteed way to do it is to overwrite the entire device. If you write your own driver and get bare-metal access, and IF wear levelling was implemented in drivers rather than in chip firmware, then at least you can erase just one block at a time — still very inefficient if you just received a 50 word message, since the block size is a minimum of 16 kB and usually much larger.

Remo June 30, 2008 10:54 AM

Those carrier pigeons have not vanished.
In the low counties (Belgium and the Netherlands) there are still many thousands of pigeon breeders with pigeons that are used for “racing”. They are put somewhere in the field to fly back home. The distances those pigeons have to fly are up to several hundreds of miles. There is one point. The birds only know one destination, back home. They have to be transported first. I was told that they tend to prefer to fly from South to North. The other way around doesn’t seem to work well.
take a look at :

OFF July 2, 2008 10:40 AM

More reliable than the new e-voting machines. Maybe we can start voting by carrier pigeon. Fly me to the polls.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.