IETF Logo Mail Archive

Re: [tcpm] ICMP attacks draft (issue 1): hard errors -> soft errors (in synchronized states)

Fernando Gont <fernando@gont.com.ar> Thu, 29 September 2005 16:05 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EL0uK-0001vt-L8; Thu, 29 Sep 2005 12:05:16 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EL0uJ-0001vo-0v for tcpm@megatron.ietf.org; Thu, 29 Sep 2005 12:05:15 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA20274 for <tcpm@ietf.org>; Thu, 29 Sep 2005 12:05:11 -0400 (EDT)
Received: from server.frh.utn.edu.ar ([170.210.17.146] ident=qmailr) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EL11y-00068F-7a for tcpm@ietf.org; Thu, 29 Sep 2005 12:13:12 -0400
Received: (qmail 2320 invoked from network); 29 Sep 2005 16:04:37 -0000
Received: from 200-70-144-124.mrse.com.ar (HELO fgont.gont.com.ar) (gont-fernando@200.70.144.124) by server.frh.utn.edu.ar with SMTP; 29 Sep 2005 16:04:37 -0000
Message-Id: <6.2.0.14.0.20050929125335.03d67e90@pop.frh.utn.edu.ar>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.0.14
Date: Thu, 29 Sep 2005 13:02:28 -0300
To: Joe Touch <touch@ISI.EDU>
From: Fernando Gont <fernando@gont.com.ar>
Subject: Re: [tcpm] ICMP attacks draft (issue 1): hard errors -> soft errors (in synchronized states)
In-Reply-To: <433C0C47.3080207@isi.edu>
References: <6.2.0.14.0.20050923075214.0428faa8@pop.frh.utn.edu.ar> <433411E2.3020005@isi.edu> <6.2.0.14.0.20050923125332.04320008@pop.frh.utn.edu.ar> <4334345F.2060301@isi.edu> <6.2.0.14.0.20050927013116.03fedc70@pop.frh.utn.edu.ar> <4339AB09.70501@isi.edu> <6.2.0.14.0.20050928034642.08012bf0@pop.frh.utn.edu.ar> <433BDFB8.4090407@isi.edu> <6.2.0.14.0.20050929120406.03d79008@pop.frh.utn.edu.ar> <433C0C47.3080207@isi.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 2.9 (++)
X-Scan-Signature: 25620135586de10c627e3628c432b04a
Cc: tcpm@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

At 12:46 p.m. 29/09/2005, Joe Touch wrote:

> > It's not useful to open the door to attack.
>
>We're not opening anything. It's already open, at least as spec'd.

Yes, and that's not good.


> >> And this changes it to a MUST NOT. Which I disagree with.
> >
> > The app can still shoot itself, as my draft does not say the hard errors
> > should not be signaled to the user application.
>
>What would THAT do? You want to NOT act on them at the TCP level, but
>pass them to the app anyway? Why?

Because, if anything, I'd leave the apps the choice to make something 
stupid, intentionally, rather than keeping TCP vulnerable to trivial 
ICMP-based connection-reset attacks.


> >> > If you really think my proposal hurts, you should submit a proposal
> >> > entitled "Tunnelling ICMP over TCP", or the like.
> >>
> >> You've repeatedly suggested that if I don't like your drafts, I should
> >> write alternative drafts. Here's my perspective on this:
> >
> > No, what I'm meaning is that if you think that treating hard errors as
> > soft errors is ill-adviced, you should also arge that running ICMP over
> > IP is ill-adviced.
>
>That presumes I think that there is a viable way to secure ICMP, which I
>don't so far.

No. That means you are making an argument for a protocol which is already 
unreliable.


>Otherwise, act on what you get, because there's no way to distinguish
>one ICMP from another just based on the content of the ICMP per se. This
>goes back to your policy issue - I do agree that we should act on
>different ones differently, just not that these cases (legitimate ICMPs
>vs spoofed) are distinguishable.

I don't think their are distinguishable, either.

I just mean that making as many checks as possible reduces the chance of 
being hit by spoofed.
And that being more conservative on the ones that would cause more harm is 
a good thing.



> > Me, a number of people here, the industry, and the IAB seem to have a
> > different view on this draft. I respect yours, anyway.
>
>Well, FWIW, the IAB/IESG also approved a number of drafts to go to RFC
>standards-track that violate RFC791 on the use of IP ID (ROHC), and a
>recent one we discussed in this group that depended normatively on a
>mechanism that was an ID. I.e., they make mistakes too (as do we all).

That's more of an administrative/procedural than a technical error. Was 
their technical rationale broken?


--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org






_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email