Re: [tcpm] WG Last Call for ICMP Attacks

To: Fernando Gont <fernando at gont.com.ar>
Subject: Re: [tcpm] WG Last Call for ICMP Attacks
From: Joe Touch <touch at ISI.EDU>
Date: Tue, 08 Sep 2009 16:03:40 -0700
Cc: "Smith, Donald" <Donald.Smith at qwest.com>, 'tcpm Extensions WG' <tcpm at ietf.org>, 'David Borman' <david.borman at windriver.com>
Delivered-to: tcpm at core3.amsl.com
In-reply-to: <4A9F4AB1.6070605 at gont.com.ar>
List-archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-help: <mailto:tcpm-request@ietf.org?subject=help>
List-id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-post: <mailto:tcpm@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
References: <F1534040-EA0D-44E4-98F7-67C24CD12CCF at windriver.com> <B01905DA0C7CDC478F42870679DF0F1005B64E383D at qtdenexmbm24.AD.QINTRA.COM> <4A9F4AB1.6070605 at gont.com.ar>
User-agent: Thunderbird 2.0.0.23 (Windows/20090812)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Some additional feedback:

- --
2.1 indicates reasons why ICMPs are not reliable; it should include
reasons why ICMPs could be late - so late that, e.g., sequence numbers
aren't relevant.
- --
In Sec 4.1:
   It should be note that as there are no timeliness for ICMP error
   messages, the TCP Sequence Number check described in this section
   might cause legitimate ICMP error messages to be discarded

This should also note that it is also possible to end up acting on ICMPs
that are old even when such checks are in place, depending on the
lateness of the ICMP and the width of the valid sequence number window.
- --
top Page 13, space is missing:
   synchronized states (ESTABLISHED, FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT,
   CLOSING, LAST-ACK or TIME-WAIT)as "soft errors".  That is, they do
                                  ^
- --
Section 8 would benefit from a summary of the different techniques used
(e.g., parameter checking to drop ICMPs, state checking to drop ICMPs,
etc.) and a description of how each basic technique affects the system -
i.e., they (in general) make the system more robust to deliberate
attacks, but could make the system react less rapidly to legitimate
network errors. This is a deliberate trade-off, and perhaps a reasonable
one, but worth noting, IMO.

Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkqm4swACgkQE5f5cImnZrt64QCfYfRuDcVPdClVjcpIxSyWd9IL
Q54AoMzxa0pGftaA8YcIODNmoLeipC2a
=BQ+x
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: [tcpm] WG Last Call for ICMP Attacks
  - From: Fernando Gont

References:
- [tcpm] WG Last Call for ICMP Attacks
  - From: David Borman
- Re: [tcpm] WG Last Call for ICMP Attacks
  - From: Smith, Donald
- Re: [tcpm] WG Last Call for ICMP Attacks
  - From: Fernando Gont

Prev by Date: Re: [tcpm] poll for adoption of long connectivity disruptions draft
Next by Date: Re: [tcpm] WG Last Call for ICMP Attacks
Previous by thread: Re: [tcpm] WG Last Call for ICMP Attacks
Next by thread: Re: [tcpm] WG Last Call for ICMP Attacks
Index(es):
- Date
- Thread

Re: [tcpm] WG Last Call for ICMP Attacks

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.