ICMP PTB spoofing attacks (was: RE: 6MAN: Adoption call on draft-hinden-6man-rfc1981bis-01)

"Templin, Fred L" <Fred.L.Templin@boeing.com> Fri, 05 February 2016 17:46 UTC

From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: "Fred Baker (fred)" <fred@cisco.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/TVZndamzY-wZAF0Bnh_rm3yVjiA>
Cc: 6man WG <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>

Hi Fred,

> As soon as I say "there is no such attack", one will materialize, so I won't assert that.  However, I am not aware of attacks in which
> someone creates ICMP PTBs and sends them to someone else in order to reduce their windows unnecessarily.

RFC4821 Section 11 (Security Considerations) recognizes the potential for spoofed
(i.e., inaccurate) ICMP PTB messages and suggests a mitigation (ignore all ICMP PTBs).
For paths over which any node in the network can inject an inaccurate ICMP PTB
message, an attack vector exists.

> I certainly *am* aware
> of firewalls and other equipment being programmed to either not originate or not allow ICMP messages, believing ICMP to be an
> attack vector.

Right.

> As far as I know, RFC 4821 is a response to the latter issue.

RFC4821 is a response to both issues: 1) Loss of accurate ICMP PTBs, and
2) Receipt of inaccurate ICMP PTBs.

Thanks - Fred
fred.l.templin@boeing.com
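
Added example, not part of the message above and not taken from RFC 4821: a sketch of the sanity checks a sending host could apply to a received ICMPv6 Packet Too Big before lowering its path MTU estimate. The function names, the flow table layout and the sample addresses are assumptions made for illustration; the ICMPv6 checksum is not verified here.

```python
import ipaddress
import struct

IPV6_MIN_MTU = 1280  # IPv6 minimum link MTU

def check_ptb(icmp, flows, current_pmtu):
    """Return (accepted, reason) for a raw ICMPv6 message (outer IPv6 header removed).

    flows (hypothetical layout) maps (src, dst, sport, dport) -> (snd_una, snd_nxt)
    for TCP connections this host originated.
    """
    if len(icmp) < 8 + 40 + 8:
        return False, "too short to carry an invoking packet"
    icmp_type, code, _cksum, mtu = struct.unpack("!BBHI", icmp[:8])
    if (icmp_type, code) != (2, 0):
        return False, "not a Packet Too Big message"
    if mtu < IPV6_MIN_MTU:
        return False, "MTU below IPv6 minimum"
    if mtu >= current_pmtu:
        return False, "does not lower the current estimate"
    inner = icmp[8:]  # as much of the invoking packet as the sender quoted
    if inner[0] >> 4 != 6 or inner[6] != 6:
        return False, "invoking packet is not IPv6/TCP"
    src = ipaddress.IPv6Address(inner[8:24])
    dst = ipaddress.IPv6Address(inner[24:40])
    sport, dport, seq = struct.unpack("!HHI", inner[40:48])
    window = flows.get((src, dst, sport, dport))
    if window is None:
        return False, "no matching flow"
    snd_una, snd_nxt = window
    # Quoted sequence number must be sent-but-unacknowledged (32-bit wraparound).
    if (seq - snd_una) % 2**32 >= (snd_nxt - snd_una) % 2**32:
        return False, "sequence number not in flight"
    return True, "plausible"

def build_ptb(mtu, src, dst, sport, dport, seq):
    """Constructed sample input: a PTB quoting the first 8 bytes of a TCP segment."""
    ip6 = struct.pack("!IHBB", 6 << 28, 20, 6, 64) + src.packed + dst.packed
    tcp = struct.pack("!HHI", sport, dport, seq)
    return struct.pack("!BBHI", 2, 0, 0, mtu) + ip6 + tcp  # checksum left as 0

# Constructed sample flow using documentation-prefix addresses.
SRC = ipaddress.IPv6Address("2001:db8::1")
DST = ipaddress.IPv6Address("2001:db8::2")
FLOWS = {(SRC, DST, 40000, 443): (1000, 5000)}

if __name__ == "__main__":
    for mtu, seq in [(1400, 2000), (576, 2000), (1400, 9000)]:
        print(mtu, seq, check_ptb(build_ptb(mtu, SRC, DST, 40000, 443, seq), FLOWS, 1500))
```

These checks only filter out senders that cannot observe the flow. A node on the path can quote a real in-flight segment and pass every one of them, which is the case the message describes.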