Re: [Int-area] Kathleen Moriarty's Discuss on draft-ietf-intarea-gre-mtu-04: (with DISCUSS)

"Templin, Fred L" <Fred.L.Templin@boeing.com> Fri, 15 May 2015 14:39 UTC

From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Brian Haberman <brian@innovationslab.net>, Ronald Bonica <rbonica@juniper.net>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Fri, 15 May 2015 14:39:41 +0000
Cc: "draft-ietf-intarea-gre-mtu@ietf.org" <draft-ietf-intarea-gre-mtu@ietf.org>, "int-area@ietf.org" <int-area@ietf.org>, "draft-ietf-intarea-gre-mtu.ad@ietf.org" <draft-ietf-intarea-gre-mtu.ad@ietf.org>, "draft-ietf-intarea-gre-mtu.shepherd@ietf.org" <draft-ietf-intarea-gre-mtu.shepherd@ietf.org>, The IESG <iesg@ietf.org>, "intarea-chairs@ietf.org" <intarea-chairs@ietf.org>
Subject: Re: [Int-area] Kathleen Moriarty's Discuss on draft-ietf-intarea-gre-mtu-04: (with DISCUSS)

Hi Brian,

> -----Original Message-----
> From: Brian Haberman [mailto:brian@innovationslab.net]
> Sent: Friday, May 15, 2015 4:58 AM
> To: Ronald Bonica; Kathleen Moriarty; Templin, Fred L
> Cc: Suresh Krishnan; draft-ietf-intarea-gre-mtu@ietf.org; int-area@ietf.org; draft-ietf-intarea-gre-mtu.ad@ietf.org; draft-ietf-intarea-
> gre-mtu.shepherd@ietf.org; The IESG; intarea-chairs@ietf.org
> Subject: Re: Kathleen Moriarty's Discuss on draft-ietf-intarea-gre-mtu-04: (with DISCUSS)
> 
> Hi Kathleen,
> 
> On 5/14/15 9:49 PM, Ronald Bonica wrote:
> > Hi Kathleen,
> >
> > Thanks, I will post an updated version of the draft.
> >
> > Regarding Fred’s question, an attacker can send ICMP PTB to the GRE
> > ingress node. When this happens, the GRE ingress node’s estimation of
> > the PMTU and GMTU become inaccurate. That is why the draft says:
> >
> > “PMTU Discovery is vulnerable to two denial of service attacks (see
> > Section 8 of [RFC1191] for details). Both attacks are based upon a
> > malicious party sending forged ICMPv4 Destination Unreachable or
> > ICMPv6 Packet Too Big messages to a host. In the first attack, the
> > forged message indicates an inordinately small PMTU. In the second
> > attack, the forged message indicates an inordinately large MTU. In
> > both cases, throughput is adversely affected. In order to mitigate
> > such attacks, GRE implementations include a configuration option to
> > disable PMTU discovery on GRE tunnels. Also, they can include a
> > configuration option that conditions the behavior of PMTUD to
> > establish a minimum PMTU.”
> 
> The problem with Fred's question is that it is a well-known
> vulnerability of ICMP in general and has a much broader impact than just
> fragmentation and GRE (i.e., this draft). Additionally, I have no idea
> why Fred thinks an "insider attack" is any more of an issue than an
> arbitrary attack.

If the original source, ingress and egress are all within the same well-managed
administrative domain, then it would be very advantageous
to use PMTUD instead of probing and/or fragmentation since issues
such as ICMP message loss, multipath and in-the-network fragmentation
are mitigated. But, if source address spoofing is possible within the
administrative domain, then there is opportunity for an insider attack
to disrupt systems that rely on PMTUD.

A fix would be to have the draft mention the ability to spoof source
addresses as a necessary precondition to sustained PTB message
attacks, since attackers that use legitimate source addresses can
be traced. And, the mitigation is for the administrative domain to
employ ingress filtering.

Thanks - Fred
fred.l.templin@boeing.com

> Regards,
> Brian
>
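As an added example (not code from the draft, from the thread, or from any implementation), the following models a GRE ingress node's PMTU estimate under the two forged-PTB attacks quoted above and applies the mitigations the draft text names: a knob to disable PMTUD on the tunnel and a configured minimum PMTU. It also never raises the estimate in response to a PTB, the standard RFC 1191 rule, which is what defeats the "inordinately large" variant. Class and constant names, the 24-byte GRE-over-IPv4 overhead, and the sample MTU values are assumptions for illustration.

```python
"""Added example: GRE ingress PMTU estimate hardened against forged PTBs."""
from dataclasses import dataclass

IPV4_MIN_PMTU = 576         # conventional IPv4 floor (illustrative default)
GRE_OVERHEAD_IPV4 = 20 + 4  # outer IPv4 header + basic 4-byte GRE header


@dataclass
class GrePmtuEstimator:
    link_mtu: int                     # MTU of the delivery interface
    min_pmtu: int = IPV4_MIN_PMTU     # configured PMTU floor (mitigation 2)
    pmtud_enabled: bool = True        # per-tunnel PMTUD knob (mitigation 1)
    gre_overhead: int = GRE_OVERHEAD_IPV4

    def __post_init__(self):
        # Initial estimate is the first-hop MTU, as PMTUD starts out.
        self.pmtu = self.link_mtu

    def on_ptb(self, reported_mtu: int) -> bool:
        """Process one ICMP PTB / Destination Unreachable (frag needed).
        Returns True when the PMTU estimate actually changed."""
        if not self.pmtud_enabled:
            return False                      # tunnel ignores PTBs entirely
        if reported_mtu >= self.pmtu:
            return False                      # never raise the estimate on a PTB
        new_pmtu = max(reported_mtu, self.min_pmtu)   # clamp tiny values
        if new_pmtu == self.pmtu:
            return False
        self.pmtu = new_pmtu
        return True

    def gmtu(self) -> int:
        """GRE MTU: largest payload deliverable without outer fragmentation."""
        return self.pmtu - self.gre_overhead


def simulate_attacks(link_mtu: int = 1500, floor: int = 1280) -> tuple:
    """Constructed scenario: one legitimate PTB, then the two forged ones.
    Returns the estimate after the 'small' and after the 'large' attack."""
    est = GrePmtuEstimator(link_mtu, min_pmtu=floor)
    est.on_ptb(1400)      # legitimate PTB from a 1400-byte link on the path
    est.on_ptb(68)        # attack 1: forged PTB with an inordinately small MTU
    after_small = est.pmtu
    est.on_ptb(9000)      # attack 2: forged PTB with an inordinately large MTU
    after_large = est.pmtu
    return after_small, after_large
```

The floor bounds how far a forged PTB can drag throughput down; a value above the floor can still be lowered, which is why the thread also points to ingress filtering to remove the spoofed source the attack depends on.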