IETF Logo Mail Archive

Re: [tcpm] ICMP attacks draft

Fernando Gont <fernando@gont.com.ar> Wed, 19 July 2006 23:31 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G3LVh-0005JV-EP; Wed, 19 Jul 2006 19:31:21 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G3LVg-0005JQ-Da for tcpm@ietf.org; Wed, 19 Jul 2006 19:31:20 -0400
Received: from venus.xmundo.net ([201.216.232.56]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G3LVe-0005Mk-Pq for tcpm@ietf.org; Wed, 19 Jul 2006 19:31:20 -0400
Received: from fgont.gont.com.ar (171-180-231-201.fibertel.com.ar [201.231.180.171]) (authenticated bits=0) by venus.xmundo.net (8.12.11/8.12.11) with ESMTP id k6JNTbEj013695; Wed, 19 Jul 2006 20:30:16 -0300
Message-Id: <7.0.1.0.0.20060719200945.0625ec08@gont.com.ar>
X-Mailer: QUALCOMM Windows Eudora Version 7.0.1.0
Date: Wed, 19 Jul 2006 20:22:54 -0300
To: Joe Touch <touch@ISI.EDU>
From: Fernando Gont <fernando@gont.com.ar>
Subject: Re: [tcpm] ICMP attacks draft
In-Reply-To: <44BE4C27.1010600@isi.edu>
References: <0C53DCFB700D144284A584F54711EC5801D9592B@xmb-sjc-21c.amer.cisco.com> <7.0.1.0.0.20060715153423.08601b58@gont.com.ar> <44BB1882.6030904@isi.edu> <7.0.1.0.0.20060717052818.064b28b8@gont.com.ar> <44BCE4FA.1050602@isi.edu> <7.0.1.0.0.20060718160252.066880d8@gont.com.ar> <44BD514C.2090704@isi.edu> <7.0.1.0.0.20060718192327.0427b290@gont.com.ar> <44BD7441.9050206@isi.edu> <7.0.1.0.0.20060719031923.04a637f0@gont.com.ar> <44BE4C27.1010600@isi.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 00e94c813bef7832af255170dca19e36
Cc: tcpm@ietf.org, "Anantha Ramaiah (ananth)" <ananth@cisco.com>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org

At 12:13 19/07/2006, Joe Touch wrote:

> > I understand what you mean. However, the message codes to which we are
> > changing from hard to soft errors (protocol unreachable and port
> > unreachable) are not the ones that would reflect a routing change.
>
>Sorry - long time since I got into this level of detail. We're talking
>about dest unreachable codes 2-4, i.e.:
>         2 protocol
>         3 port
>         4 frag needed and DF set
>
>Changing these from hard to soft AFTER connection establishment means:
>
>         - slower reaction (if at all?) to host reconfiguration
>                 2,3 - dynamic reloading of protocol module fails

Agreed in the case of protocol unreachable. But for port unreachable, 
the protocol module is there.



>                 3 - unexpected application termination (?)
>                         although TCP can send a RST in this case,
>                         ICMP should also generate port unreachable (?)

What I recall is that the idea of making TCP abort connections upon 
receipt of port unreach had to do with accomodating implementation 
that rejected connection requests with ICMP port unreachables, rather 
than with RSTs.

In the case of TCP, only RSTs should be sent. As a matter of fact, 
sending both RSTs and port unreachables could be used by an attacker 
as a bandwidth amplifier.



>Reloading protocols isn't unheard of (netgraph, etc.). Failure of that
>protocol has many consequences, and at some level nonresponsiveness is
>its own signal, but softening these signals basically means you are
>assuming that protocols don't change once a connection is up. That's a
>NEW assumption and should be noted.

Agreed. In this case, we are limiting the discussion to TCP, though.


>         - slower/no reaction to path change
>                 4 - change in path MTU

IMHO, this would kill robustness. In TCP, you implement PMTUD, or 
don't set the DF bit.



>As to the case where ICMP Frag needed should generate a hard error,
>consider:
>         - simple TCP stack that lacks PMTUD
>         - an intermediate device sets the DF bit
>
>I saw that case a few years ago. Changing hard to soft changes reaction
>to that event

Well, that seems non-compliant, anyway. Also, for robustness-sake, 
you probably don't have many choices other than keep retransmitting.

Kindest regards,

--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1






_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email