RE: [Tsvwg] Re: [tcpm] Revision of draft-larsen-tsvwg-port-randomization

"Anantha Ramaiah \(ananth\)" <ananth@cisco.com> Thu, 26 July 2007 14:56 UTC

Subject: RE: [Tsvwg] Re: [tcpm] Revision of draft-larsen-tsvwg-port-randomization
Date: Thu, 26 Jul 2007 07:56:11 -0700
Message-ID: <0C53DCFB700D144284A584F54711EC5803B6C62F@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <FCA794787FDE0D4DBE9FFA11053ECEB60C26A1618E@NA-EXMSG-C110.redmond.corp.microsoft.com>
From: "Anantha Ramaiah (ananth)" <ananth@cisco.com>
To: Murari Sridharan <muraris@microsoft.com>, tsvwg WG <tsvwg@ietf.org>
Cc: ext@cisco.com, tcpm@ietf.org, DCCP mailing list <dccp@ietf.org>, Fernando Gont <fernando@gont.com.ar>, TSV Dir <tsv-dir@ietf.org>

Murari,

I agree it is a good idea to have an extended port range. But the dearth of
ports is one such issue. We could argue the same about TCP options
(there are a few drafts which never moved forward, AFAIK). Also you can
argue the same about TCP seq#/ack# for better security reasons. I think
Mark Allman wrote a document TCPx2 (or something) which basically
doubles the TCP header (64-bit seq/ack, 32-bit ports, etc.). So some of the
questions which might come up (aka possible ways of achieving this):

- why not have a complete change to the TCP header? (like Mark's draft is
suggesting). Obviously it is almost like "TCP v6". Lots of change needed
everywhere :-)

- or do it piecemeal: first buy more TCP option space, standardize
any one of the proposals for extending the TCP option space. Then have
an extended port option like you suggest below. Then think about other
TCP fields requiring extension.

Just a few thoughts.

-Anantha

> -----Original Message-----
> From: Murari Sridharan [mailto:muraris@microsoft.com] 
> Sent: Thursday, July 26, 2007 7:43 AM
> To: tsvwg WG
> Cc: ext@cisco.com; tcpm@ietf.org; DCCP mailing list; Fernando 
> Gont; TSV Dir
> Subject: RE: [Tsvwg] Re: [tcpm] Revision of
> draft-larsen-tsvwg-port-randomization
> 
> In this context I wanted to bring up a related issue that 
> might also strengthen this sort of a port randomization proposal.
> 
> Today the 64k port limitation is starting to become a huge
> problem and most often admins add IP addresses to increase
> the scalability. Given that most often the destination port
> (and sometimes the destination address) is well known, the
> only scalability left is the source address. Increasing IP
> addresses to improve scalability seems a fairly roundabout
> approach and frankly doesn't scale well. Given that the 64k
> limit is not fundamental, why not provide a scaling factor
> similar to the receive window to scale the number of usable
> ports? This also makes randomization much more meaningful
> because in certain proxy scenarios the number of connections
> quickly exhausts the available ports and at that point the
> attacker can simply use any port assuming he can guess the
> source address.
> 
> Murari
> 
> -----Original Message-----
> From: Lars Eggert [mailto:lars.eggert@nokia.com]
> Sent: Wednesday, July 04, 2007 3:35 AM
> To: tsvwg WG
> Cc: tcpm@ietf.org; DCCP mailing list; ext Fernando Gont; TSV Dir
> Subject: Re: [Tsvwg] Re: [tcpm] Revision of 
> draft-larsen-tsvwg-port-randomization
> 
> On 2007-5-31, at 17:51, ext Lars Eggert wrote:
> > The concepts in this draft are likely relevant to most of our
> > transport protocols, and hence would be in scope for TSVWG.
> > The TSVWG chairs are interested in comments on whether there is group
> > interest in this draft - please comment on tsvwg@ietf.org.
> 
> We've received some positive feedback on adopting this draft, 
> but I'd like to see a stronger show of support, because this 
> draft impacts several of our transport protocols at the same time.
> 
> Please comment on tsvwg@ietf.org - reply-to set accordingly.
> 
> Lars

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm
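Murari's observation above, that once a proxy has used up its ephemeral ports randomization stops protecting it, can be put in numbers. The following is an added example written for this page, not code from the thread or from any operating system: a toy randomized ephemeral-port allocator that reports how much guessing uncertainty is left in the next source port as the pool fills, and how a larger pool changes that. The `hypothetical_scaled_range` helper is an assumption about how a receive-window-style shift could widen the 16-bit port space; no such mechanism is defined anywhere in the thread.

```python
import math
import random

# IANA dynamic/private range, commonly used for ephemeral ports.
# Constructed constant for the model; real OS defaults differ.
IANA_EPHEMERAL = range(49152, 65536)


class EphemeralPortAllocator:
    """Toy randomized ephemeral-port allocator (hypothetical model).

    Models one client address talking to one well-known (dst_addr, dst_port):
    every new flow draws its source port uniformly from the ports of the pool
    that are not already in use for that peer.
    """

    def __init__(self, ports=IANA_EPHEMERAL, rng=None):
        self.ports = ports            # any sequence supporting len() and indexing
        self.in_use = set()
        # SystemRandom draws from the OS CSPRNG; a seeded Random gives
        # reproducible runs for tests.
        self.rng = rng if rng is not None else random.SystemRandom()

    def free_count(self):
        return len(self.ports) - len(self.in_use)

    def allocate(self):
        """Pick a random unused port, or raise once the pool is exhausted."""
        if self.free_count() == 0:
            raise RuntimeError("ephemeral port range exhausted")
        # Rejection sampling: expected tries = total / free.
        while True:
            port = self.rng.choice(self.ports)
            if port not in self.in_use:
                self.in_use.add(port)
                return port

    def release(self, port):
        self.in_use.discard(port)

    def guess_probability(self):
        """Chance that an off-path observer who already knows the other three
        tuple fields guesses the *next* source port in a single try."""
        free = self.free_count()
        return 1.0 / free if free else 1.0

    def entropy_bits(self):
        """Bits of uncertainty left in the next source-port choice."""
        free = self.free_count()
        return math.log2(free) if free else 0.0


def entropy_after_connections(range_size, connections, seed=0):
    """Open `connections` flows from a pool of `range_size` ports and return
    the entropy (bits) remaining for the next flow. Deterministic via `seed`."""
    alloc = EphemeralPortAllocator(range(range_size), rng=random.Random(seed))
    for _ in range(min(connections, range_size)):
        alloc.allocate()
    return alloc.entropy_bits()


def hypothetical_scaled_range(shift):
    """Pool size if a window-scale-like shift of `shift` bits were applied to
    the 16-bit port field. This is an assumption about the idea raised in the
    thread, not a defined TCP mechanism."""
    return 1 << (16 + shift)


if __name__ == "__main__":
    pools = (len(IANA_EPHEMERAL), 1 << 16, hypothetical_scaled_range(4))
    for size in pools:
        for busy in (0, 10_000, 16_000):
            bits = entropy_after_connections(size, busy)
            print(f"pool={size:>8} in_use={busy:>6} next-port entropy={bits:5.2f} bits")
```

Running the script shows the effect a defender cares about: with the 16384-port IANA range and 16,000 flows already open to the same peer, the next source port carries about 8.6 bits of uncertainty instead of 14, and at full occupancy it carries none, so an observer who knows the source address needs no guess at all. Enlarging the pool (the whole 16-bit space, or a hypothetically scaled one) keeps the remaining entropy high for the same connection count, which is the scalability and randomization argument made in the quoted message.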