Re: Last Call: 'Linklocal Multicast Name Resolution (LLMNR) ' to Proposed Standard

[Iljitsch van Beijnum <iljitsch at muada.com>]

One more thing:

On 31-aug-2005, at 0:55, Ned Freed wrote:

> >     Section 2.4 discusses use of TCP for LLMNR queries and  
> > responses.  In
> >     composing an LLMNR query using TCP, the sender MUST set the  
> > Hop Limit
> >     field in the IPv6 header and the TTL field in the IPv4 header  
> > of the
> >     response to one (1).  The responder SHOULD set the TTL or Hop  
> > Limit
> >     settings on the TCP listen socket to one (1) so that SYN-ACK  
> > packets
> >     will have TTL (IPv4) or Hop Limit (IPv6) set to one (1). This
> >     prevents an incoming connection from off-link since the sender  
> > will
> >     not receive a SYN-ACK from the responder.

I've heard reports in the past that attackers were able to spoof  
their end of a TCP session without being able to see return traffic.  
Obviously this is very hard to do if the TCP implementation uses  
enough randomness in its initial sequence numbers, but nonetheless it  
seems prudent to make it possible for the RECEIVER to check whether  
an incoming packet was forged (with the TTL=255 trick) rather than  
depend on the quality of the initial sequence number generation  
algorithm.

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf