[quicwg/base-drafts] Limit retransmission of closing packet (#1905)

Martin Thomson <notifications@github.com> Wed, 24 October 2018 23:19 UTC

@mikkelfj observes that we permit rate limiting of connection close frames, but they might be used to create an amplification attack if the closing endpoint is naive in its handling.  The fix is easy - the endpoint needs to remember a validated address for its peer along with the closing packet.  Packets from other remote addresses need to be dropped or only responded to if the size of the incoming packet is > 1/3 of the closing packet.  In most cases, this won't change anything.

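An added sketch of the closing-state check described in the message above; it is not code from the issue, the drafts or any QUIC implementation. The class, field and function names, the 0.1 s rate limit, the 1200-byte closing packet and the sample addresses are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

Addr = Tuple[str, int]  # (ip, port)


@dataclass
class ClosingState:
    """What an endpoint keeps after it has sent its closing packet."""
    closing_packet: bytes           # datagram carrying the connection close frame
    validated_peer: Addr            # peer address validated before closing
    min_interval: float = 0.1       # assumed rate limit between retransmissions (s)
    allow_unvalidated: bool = True  # False: drop every other source outright
    _last_sent: Optional[float] = field(default=None, repr=False)

    def on_datagram(self, src: Addr, size: int, now: float) -> Optional[bytes]:
        """Return the closing packet to send back to src, or None to stay silent."""
        if src != self.validated_peer:
            if not self.allow_unvalidated:
                return None
            # Respond only if the incoming packet is > 1/3 of the closing
            # packet, written in integers to avoid rounding.
            if 3 * size <= len(self.closing_packet):
                return None
        # Rate limiting applies to every source, validated or not.
        if self._last_sent is not None and now - self._last_sent < self.min_interval:
            return None
        self._last_sent = now
        return self.closing_packet


def replay(state: ClosingState, datagrams: List[Tuple[Addr, int, float]]) -> List[int]:
    """Feed (source, size, time) datagrams in; return bytes sent back for each."""
    return [len(state.on_datagram(src, size, t) or b"") for src, size, t in datagrams]


# Constructed sample input: documentation addresses and a made-up trace.
PEER: Addr = ("192.0.2.10", 4433)
OTHER: Addr = ("198.51.100.7", 9000)
TRACE = [
    (PEER, 40, 0.0),    # validated peer: answered whatever the size
    (OTHER, 40, 1.0),   # other address, tiny packet: dropped
    (OTHER, 400, 2.0),  # exactly 1/3 of 1200: not greater, dropped
    (OTHER, 401, 3.0),  # just over 1/3: answered
    (PEER, 40, 3.05),   # inside the rate-limit window: dropped
    (PEER, 40, 4.0),    # window elapsed: answered
]

if __name__ == "__main__":
    print(replay(ClosingState(bytes(1200), PEER), TRACE))
```
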