IETF Logo Mail Archive

Re: Last Call: 'Linklocal Multicast Name Resolution (LLMNR) ' to Proposed Standard

Iljitsch van Beijnum <iljitsch@muada.com> Wed, 31 August 2005 00:01 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EAG2l-0006Bb-1I; Tue, 30 Aug 2005 20:01:31 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EAG2j-0006Aw-DU; Tue, 30 Aug 2005 20:01:29 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA19040; Tue, 30 Aug 2005 20:01:27 -0400 (EDT)
Received: from sequoia.muada.com ([83.149.65.1]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EAG4N-0002Dk-4t; Tue, 30 Aug 2005 20:03:11 -0400
Received: from [82.192.90.27] (alumange.muada.com [82.192.90.27]) (authenticated bits=0) by sequoia.muada.com (8.13.3/8.13.3) with ESMTP id j7V01OmZ028852 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NO); Wed, 31 Aug 2005 02:01:25 +0200 (CEST) (envelope-from iljitsch@muada.com)
In-Reply-To: <01LSG29TZ2JE000092@mauve.mrochek.com>
References: <E1E2vc4-0005tK-3G@newodin.ietf.org> <FF02984E-5095-412D-B3C3-3DF1C4B8E5A6@muada.com> <01LSG29TZ2JE000092@mauve.mrochek.com>
Mime-Version: 1.0 (Apple Message framework v734)
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <C9B2D11B-B5AC-4316-8B21-EEAA36EDBEC3@muada.com>
Content-Transfer-Encoding: 7bit
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Wed, 31 Aug 2005 02:01:25 +0200
To: Ned Freed <ned.freed@mrochek.com>
X-Mailer: Apple Mail (2.734)
X-Spam-Status: No, score=-2.2 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.0.2
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on sequoia.muada.com
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 2409bba43e9c8d580670fda8b695204a
Content-Transfer-Encoding: 7bit
Cc: namedroppers@ops.ietf.org, iesg@ietf.org, IETF General Discussion Mailing List <ietf@ietf.org>
Subject: Re: Last Call: 'Linklocal Multicast Name Resolution (LLMNR) ' to Proposed Standard
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

One more thing:

On 31-aug-2005, at 0:55, Ned Freed wrote:

>>     Section 2.4 discusses use of TCP for LLMNR queries and  
>> responses.  In
>>     composing an LLMNR query using TCP, the sender MUST set the  
>> Hop Limit
>>     field in the IPv6 header and the TTL field in the IPv4 header  
>> of the
>>     response to one (1).  The responder SHOULD set the TTL or Hop  
>> Limit
>>     settings on the TCP listen socket to one (1) so that SYN-ACK  
>> packets
>>     will have TTL (IPv4) or Hop Limit (IPv6) set to one (1). This
>>     prevents an incoming connection from off-link since the sender  
>> will
>>     not receive a SYN-ACK from the responder.

I've heard reports in the past that attackers were able to spoof  
their end of a TCP session without being able to see return traffic.  
Obviously this is very hard to do if the TCP implementation uses  
enough randomness in its initial sequence numbers, but nonetheless it  
seems prudent to make it possible for the RECEIVER to check whether  
an incoming packet was forged (with the TTL=255 trick) rather than  
depend on the quality of the initial sequence number generation  
algorithm.

_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email