Re: Predictable IP protocol values
Fernando Gont <fgont@si6networks.com> Sat, 28 April 2012 20:50 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D70121F8546 for <ipv6@ietfa.amsl.com>; Sat, 28 Apr 2012 13:50:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.524
X-Spam-Level:
X-Spam-Status: No, score=-2.524 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XuRm3KvPOTze for <ipv6@ietfa.amsl.com>; Sat, 28 Apr 2012 13:50:18 -0700 (PDT)
Received: from srv01.bbserve.nl (unknown [IPv6:2a02:27f8:1025:18::232]) by ietfa.amsl.com (Postfix) with ESMTP id 78CF421F853D for <ipv6@ietf.org>; Sat, 28 Apr 2012 13:50:17 -0700 (PDT)
Received: from [186.134.11.143] (helo=[192.168.123.103]) by srv01.bbserve.nl with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.77) (envelope-from <fgont@si6networks.com>) id 1SOEan-00010B-I7; Sat, 28 Apr 2012 22:50:10 +0200
Message-ID: <4F9C57EA.8040309@si6networks.com>
Date: Sat, 28 Apr 2012 17:49:46 -0300
From: Fernando Gont <fgont@si6networks.com>
Organization: SI6 Networks
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:11.0) Gecko/20120412 Thunderbird/11.0.1
MIME-Version: 1.0
To: "Joel M. Halpern" <jmh@joelhalpern.com>
Subject: Re: Predictable IP protocol values
References: <401EA98A-C229-4ED3-8CBE-3C6CAE5D37B7@gmail.com> <4F87BBD6.8090809@si6networks.com> <5858DFD5-7A62-478E-8F13-B62CB02D3EE7@employees.org> <4F99B5C8.1010108@si6networks.com> <5E6FD71A-0A84-4B20-AF5A-16DCBCD7ED76@employees.org> <4F9C52EF.2080401@joelhalpern.com>
In-Reply-To: <4F9C52EF.2080401@joelhalpern.com>
X-Enigmail-Version: 1.4
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: Fernando Gont <fgont@si6networks.com>, "ipv6@ietf.org Mailing List" <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Apr 2012 20:50:19 -0000
On 04/28/2012 05:28 PM, Joel M. Halpern wrote: > It seems to me that the proposed document is a partial fix to a marginal > problem. > Yes, I take it as given that if I followed the references I wind find > descriptions of the attacks. I do see how one could force fragmented > packets if one knew that A was talking to B at the current moment. Just send an ICMPv6 PTB claiming an MTU smaller than 1280 bytes, and you're done. Now think about you favourite application running on two known systems. It just takes you one ICMPv6 PTB to trigger fragmentation, one ping6 to sample the Frag ID, and further (rather low-rate) fragments that will cause collisions, leading to DoS -- and it si very easy to maintaint that DoS state. Dumb/idle scans have also been well-known since the IPv4 era, and trivial to exploit (for instance, nmap implements this vector). We produced tools to test these things, and have been trying to help vendors. Most vendors cared (http://www.ietf.org/proceedings/83/slides/slides-83-6man-10.pdf), as they did at the time for IPv4 case. So IMO it would be weird for us to not be willing to do our part (maintain our specs), when others have done theirs (fix their implementations). Just my two cents. Best regards, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- 6MAN Minutes, Actions, and Document Status Bob Hinden
- Re: 6MAN Minutes, Actions, and Document Status Fernando Gont
- Re: 6MAN Minutes, Actions, and Document Status Ole Trøan
- Re: 6MAN Minutes, Actions, and Document Status Fernando Gont
- Predictable IP protocol values Ole Trøan
- Re: Predictable IP protocol values Fernando Gont
- Re: Predictable IP protocol values Joel M. Halpern
- Re: Predictable IP protocol values Fernando Gont