[tcpm] I-D Action:draft-ietf-tcpm-tcpsecure-10.txt
"Anantha Ramaiah (ananth)" <ananth@cisco.com> Mon, 14 July 2008 06:04 UTC
To: tcpm@ietf.org
Cc: David Borman <david.borman@windriver.com>
Greetings,

The new version of the tcpsecure (version 10) incorporates the following:

#1 - The last pending issue before WGLC, viz., the strength of mitigations, where there was a "very thin consensus" for tagging the RST, SYN and Data mitigations as SHOULD/SHOULD/MAY respectively. (It was previously tagged as SHOULD/SHOULD/SHOULD.) The document is modified accordingly.

#2 - Andre Oppermann brought about some important errors in the document. They are:

a) In the SYN mitigation (sec 4.2) there was a typo when quoting RFC 793, i.e. instead of saying [RCV.NXT =< SEG.SEQ < RCV.NXT+RCV.WND], it was misquoted as [RCV.NXT =< SEG.SEQ =< RCV.NXT+RCV.WND].

b) In the Data mitigation section, the text was wrong. I.e. it previously said: "Data that doesn't satisfy the new check MUST be discarded silently"; it should have been "data that doesn't satisfy the new check MUST be discarded and an ACK sent (as per RFC 793)".

The document is corrected accordingly.

#3 - A reference to the ICMP attacks document, which Fernando brought about. Ted Faber/Joe Touch suggested the text, which I have incorporated in the security considerations.

#4 - Alfred Hoenes' editorial comments on version 9.

I have added a section called "strength of mitigations". The rationale for adding this section is to clear up the reasoning for tagging the mitigation strengths as S/S/M, esp. after the "Applicability statement" is in place.

Digging through the responses (textual and verbal), I don't see a strong technical reasoning for choosing the Data mitigation as MAY. I request the WG members who voted for MAY to speak up with their technical reasoning. Please remember that this reasoning is highly desirable since in future many people may ask the same question, and hence it is prudent to come up with a better technical explanation.
Thanks,
-Anantha

-----Original Message-----
From: tcpm-bounces@ietf.org [mailto:tcpm-bounces@ietf.org] On Behalf Of Internet-Drafts@ietf.org
Sent: Wednesday, July 09, 2008 12:30 AM
To: i-d-announce@ietf.org
Cc: tcpm@ietf.org
Subject: [tcpm] I-D Action:draft-ietf-tcpm-tcpsecure-10.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the TCP Maintenance and Minor Extensions Working Group of the IETF.

Title : Improving TCP's Robustness to Blind In-Window Attacks
Author(s) : A. Ramaiah, et al.
Filename : draft-ietf-tcpm-tcpsecure-10.txt
Pages : 27
Date : 2008-07-09

TCP has historically been considered protected against spoofed off-path packet injection attacks by relying on the fact that it is difficult to guess the 4-tuple (the source and destination IP addresses and the source and destination ports) in combination with the 32 bit sequence number(s). A combination of increasing window sizes and applications using longer term connections (e.g. H-323 or Border Gateway Protocol [RFC4271]) have left modern TCP implementations more vulnerable to these types of spoofed packet injection attacks. Many of these long term TCP applications tend to have predictable IP addresses and ports, which makes it far easier for the 4-tuple to be guessed. Having guessed the 4-tuple correctly, an attacker can inject a RST, SYN or DATA segment into a TCP connection by systematically guessing the sequence number of the spoofed segment to be in the current receive window. This can cause the connection to either abort or possibly cause data corruption. This document specifies small modifications to the way TCP handles inbound segments that can reduce the chances of a successful attack.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-10.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
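The following is an added example, not code from the draft or from the mailing-list post. It models, from the receiver's side, the two corrections discussed above: the RFC 793 receive-window test as correctly quoted (`RCV.NXT =< SEG.SEQ < RCV.NXT+RCV.WND`) beside the misquoted form, which accepts one sequence number past the window edge, and the version-10 data-mitigation response (discard plus ACK rather than silent discard). The ACK-number bounds used for the data check (`SND.UNA - MAX.SND.WND =< SEG.ACK =< SND.NXT`) are taken from RFC 5961, the published form of this draft, and are an assumption here since the post does not quote them; `window_exposure` is a hypothetical helper that states the risk the abstract describes (a larger receive window means fewer in-window sequence numbers are excluded). All input values are constructed.

```python
# Added example (not from the tcpsecure draft or the post above): receiver-side
# model of the RFC 793 window test, the -09 misquote, and the -10 data mitigation.

SEQ_MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap


def in_window(seg_seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """Corrected RFC 793 acceptability test for the first byte of a segment:
    RCV.NXT =< SEG.SEQ < RCV.NXT+RCV.WND, evaluated modulo 2^32."""
    return (seg_seq - rcv_nxt) % SEQ_MOD < rcv_wnd


def in_window_misquoted(seg_seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """The typo from draft -09 (RCV.NXT =< SEG.SEQ =< RCV.NXT+RCV.WND):
    it also accepts SEG.SEQ == RCV.NXT+RCV.WND, one byte beyond the window."""
    return (seg_seq - rcv_nxt) % SEQ_MOD <= rcv_wnd


def data_segment_action(seg_seq: int, seg_ack: int,
                        rcv_nxt: int, rcv_wnd: int,
                        snd_una: int, snd_nxt: int, max_snd_wnd: int) -> str:
    """What the receiver does with an inbound data segment.

    'out-of-window'  - fails the RFC 793 window test; RFC 793 handling applies
    'accept'         - in window and the ACK value passes the data mitigation
    'drop-and-ack'   - in window but fails the ACK check; the -10 text requires
                       discarding it AND sending an ACK (not a silent discard)

    The ACK bounds SND.UNA - MAX.SND.WND =< SEG.ACK =< SND.NXT are assumed
    from RFC 5961 section 5.2; they are not quoted on this page.
    """
    if not in_window(seg_seq, rcv_nxt, rcv_wnd):
        return "out-of-window"
    lower = (snd_una - max_snd_wnd) % SEQ_MOD
    span = (snd_nxt - lower) % SEQ_MOD
    if (seg_ack - lower) % SEQ_MOD <= span:
        return "accept"
    return "drop-and-ack"


def window_exposure(rcv_wnd: int) -> int:
    """Hypothetical risk helper: the number of disjoint windows of rcv_wnd
    bytes in the 32-bit sequence space, i.e. how many sequence-number
    ranges must be excluded before one lands in the current window. A
    larger window gives a smaller number, which is why the abstract ties
    growing window sizes to higher exposure."""
    return -(-SEQ_MOD // rcv_wnd)  # ceiling division


if __name__ == "__main__":
    # Constructed receiver state: next expected byte 1000, 100-byte window.
    print(in_window(1099, 1000, 100), in_window(1100, 1000, 100))
    print(in_window_misquoted(1100, 1000, 100))  # the -09 off-by-one
    print(data_segment_action(1000, 5300, 1000, 100, 5000, 5200, 1000))
    print(window_exposure(65535))
```

The modular subtraction keeps both tests correct across sequence-number wrap, which a naive `rcv_nxt <= seg_seq < rcv_nxt + rcv_wnd` would get wrong near 2^32; the `drop-and-ack` outcome is the behaviour the version-10 text fixed, and an implementation that returned it silently would be following the erroneous -09 wording.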