Re: [Int-area] Kathleen Moriarty's Discuss on draft-ietf-intarea-gre-mtu-04: (with DISCUSS)

Suresh Krishnan <suresh.krishnan@ericsson.com> Sat, 16 May 2015 17:13 UTC

From: Suresh Krishnan <suresh.krishnan@ericsson.com>
To: "Templin, Fred L" <Fred.L.Templin@boeing.com>, Brian Haberman <brian@innovationslab.net>, Ronald Bonica <rbonica@juniper.net>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Sat, 16 May 2015 17:13:29 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/int-area/k8TQkzyDU8W5DTYE00Hu8ECM6Ho>
Cc: "draft-ietf-intarea-gre-mtu@ietf.org" <draft-ietf-intarea-gre-mtu@ietf.org>, "int-area@ietf.org" <int-area@ietf.org>, The IESG <iesg@ietf.org>

Hi Fred,

On 05/15/2015 10:39 AM, Templin, Fred L wrote:
>> The problem with Fred's question is that it is a well-known
>> vulnerability of ICMP in general and has a much broader impact than just
>> fragmentation and GRE (i.e., this draft). Additionally, I have no idea
>> why Fred thinks an "insider attack" is any more of an issue than an
>> arbitrary attack.
>
> If the original source, ingress and egress are all within the same well
> managed administrative domain, then it would be very advantageous
> to use PMTUD instead of probing and/or fragmentation since issues
> such as ICMP message loss, multipath and in-the-network fragmentation
> are mitigated. But, if source address spoofing is possible within the
> administrative domain, then there is opportunity for an insider attack
> to disrupt systems that rely on PMTUD.

Right. But Brian's question was if there was anything specific to what 
the draft is proposing. Do you believe that anything in the draft is 
specifically enabling this attack? Or if hosts (routers) implementing 
these drafts are more vulnerable to this attack?

Thanks
Suresh