Re: [tcpm] comments on draft-ietf-tcpm-icmp-attacks-05

Joe Touch <touch@ISI.EDU> Mon, 15 June 2009 02:59 UTC

Return-Path: <touch@ISI.EDU>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4F35F3A68DE for <tcpm@core3.amsl.com>; Sun, 14 Jun 2009 19:59:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.461
X-Spam-Level:
X-Spam-Status: No, score=-2.461 tagged_above=-999 required=5 tests=[AWL=0.138, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0TEz+Wdjkg1E for <tcpm@core3.amsl.com>; Sun, 14 Jun 2009 19:59:18 -0700 (PDT)
Received: from vapor.isi.edu (vapor.isi.edu [128.9.64.64]) by core3.amsl.com (Postfix) with ESMTP id 68DD43A6900 for <tcpm@ietf.org>; Sun, 14 Jun 2009 19:59:18 -0700 (PDT)
Received: from [192.168.1.46] (pool-71-105-84-152.lsanca.dsl-w.verizon.net [71.105.84.152]) by vapor.isi.edu (8.13.8/8.13.8) with ESMTP id n5F2x1BP010078; Sun, 14 Jun 2009 19:59:03 -0700 (PDT)
Message-ID: <4A35B8F5.6020900@isi.edu>
Date: Sun, 14 Jun 2009 19:59:01 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
MIME-Version: 1.0
To: Fernando Gont <fernando@gont.com.ar>
References: <C304DB494AC0C04C87C6A6E2FF5603DB221796D53C@NDJSSCC01.ndc.nasa.gov> <C304DB494AC0C04C87C6A6E2FF5603DB221796D53E@NDJSSCC01.ndc.nasa.gov> <4A30C093.5060408@gont.com.ar> <87hbyjey1e.fsf@mid.deneb.enyo.de> <4A35B1CA.70207@gont.com.ar>
In-Reply-To: <4A35B1CA.70207@gont.com.ar>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: "tcpm@ietf.org" <tcpm@ietf.org>, Florian Weimer <fw@deneb.enyo.de>, Fernando Gont <fernando.gont@gmail.com>
Subject: Re: [tcpm] comments on draft-ietf-tcpm-icmp-attacks-05
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jun 2009 02:59:19 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Fernando Gont wrote:
> Florian Weimer wrote:
> 
>>>> For instance, I'm not certain that setting the DF bit is only
>>>> possible for hosts that support PMTUD ... is there a reference for
>>>> that?
>>> What's the reason for setting the DF flag for IP packets carrying TCP
>>> segments if you don't implement PMTUD?
>> You don't have to put randomness into the IP ID field (at least in
>> theory; in practice, DF=1 packets get fragmented, too).
> 
> Yes, in theory. For instance, IIRC Linux used to zero the IP ID field
> when DF was set, but then backed-out this change.

This was/is also incorrectly done by some cellphones, to save state and
processing.

The trouble is that the IP ID is also used to detect (and discard)
duplicate segments. This is described in the draft I already cited, and
the best place to discuss it is the INT area mailing list.

Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAko1uPUACgkQE5f5cImnZrsylgCdGfELd2eAxvVPtC/1wWigl1lY
8qwAoPStmplBwumSEldah/X3QLhY4VlP
=IP6g
-----END PGP SIGNATURE-----