IETF Logo Mail Archive

Re: [tcpm] Congestion control in face of ICMP unreachable messages

Daniel Schaffrath <daniel.schaffrath@mac.com> Thu, 06 September 2007 21:52 UTC

Return-path: <tcpm-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1ITPHL-0006p9-KU; Thu, 06 Sep 2007 17:52:47 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1ITPHK-0006p3-HJ for tcpm@ietf.org; Thu, 06 Sep 2007 17:52:46 -0400
Received: from smtpoutm.mac.com ([17.148.16.76]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1ITPHI-0004v0-DH for tcpm@ietf.org; Thu, 06 Sep 2007 17:52:46 -0400
Received: from mac.com (smtpin06-en2 [10.13.10.151]) by smtpoutm.mac.com (Xserve/smtpout013/MantshX 4.0) with ESMTP id l86LqhNs021888; Thu, 6 Sep 2007 14:52:43 -0700 (PDT)
Received: from [137.226.12.154] (dhcp154.informatik.rwth-aachen.de [137.226.12.154]) (authenticated bits=0) by mac.com (Xserve/smtpin06/MantshX 4.0) with ESMTP id l86Lq3Yi000817 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Thu, 6 Sep 2007 14:52:41 -0700 (PDT)
In-Reply-To: <46C5CFA1.3090603@isi.edu>
References: <8B61F72F-2F75-4388-976F-9748F8784AB3@mac.com> <46C5CFA1.3090603@isi.edu>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <443EB15A-FBED-4325-AD04-CCC39E989DDE@mac.com>
Content-Transfer-Encoding: 7bit
From: Daniel Schaffrath <daniel.schaffrath@mac.com>
Subject: Re: [tcpm] Congestion control in face of ICMP unreachable messages
Date: Thu, 06 Sep 2007 23:52:26 +0200
To: Joe Touch <touch@ISI.EDU>
X-Mailer: Apple Mail (2.752.3)
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e5ba305d0e64821bf3d8bc5d3bb07228
Cc: tcpm@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org

On 2007/08/17  , at 18:41, Joe Touch wrote:

> AFAIK, congestion control response to in-band messages (ACKs) and
> timeouts (implied loss, as TCP interprets it), as well as to some new
> fields (ECN, etc.) which are carried in the same packets.
>
> Reactions to external congestion signals - ICMP source quench  
> (which has
> been informally deprecated a while ago, but has not been documented as
> such yet) or otherwise - would constitute another opportunity for a  
> DOS
> attack, and seem like a bad idea to encourage.
I am note sure your security concerns really apply :) If the bad user  
controls the forwarding node, there is no need to rely on ICMP  
message to cause harm. Instead, just dropping random segments would  
do the job. If the bad user is off the forwarding node, she would  
need (as usual) guess port and sequence numbers. If she is able to  
guess right, she might as well opt to send forged ACK dupacks to  
cause harm, or for an ECN capable transport just one ECE marked ACK.

Overall, it seems to me that there don't arise additional attack  
opportunities if there was congestion control on ICMP messages.

But maybe I am missing something?

Thanks again,
Daniel




_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email