[tcpm] Question about the path of tcpsecure and ICMP attacks
Fernando Gont <fernando@gont.com.ar> Fri, 14 July 2006 09:58 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G1KQv-0004oC-7B; Fri, 14 Jul 2006 05:58:05 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G1KQt-0004o7-Vw for tcpm@ietf.org; Fri, 14 Jul 2006 05:58:04 -0400
Received: from venus.xmundo.net ([201.216.232.56]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G1KQs-0001yu-C5 for tcpm@ietf.org; Fri, 14 Jul 2006 05:58:03 -0400
Received: from fgont.gont.com.ar (171-180-231-201.fibertel.com.ar [201.231.180.171]) (authenticated bits=0) by venus.xmundo.net (8.12.11/8.12.11) with ESMTP id k6E9vhuk019381; Fri, 14 Jul 2006 06:57:45 -0300
Message-Id: <7.0.1.0.0.20060714061250.08589008@gont.com.ar>
X-Mailer: QUALCOMM Windows Eudora Version 7.0.1.0
Date: Fri, 14 Jul 2006 06:51:54 -0300
To: tcpm@ietf.org
From: Fernando Gont <fernando@gont.com.ar>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 8b431ad66d60be2d47c7bfeb879db82c
Cc: Ted Faber <faber@ISI.EDU>, Mark Allman <mallman@icir.org>
Subject: [tcpm] Question about the path of tcpsecure and ICMP attacks
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org
Folks, Recent discussion on the tcpsecure draft has made me think (again) about the path of the tcpsecure and the ICMP attacks draft. tcpsecure is meant for standards track, while the ICMP attacks draft is meant for Informational. tcpsecure aims to address, among others, blind connection-reset attacks, which require an attacker to spoof a segment that contains the four-tuple that identifies the connection *only* is "in window". Source IP address spoofing is necessary. icmp-attacks aims to address, among others, blind connection-reset attacks, which *only* requires the attacker to spoof a packet that contains the four-tuple that identifies the connection to be attacked. Source IP address spoofing is not necessary. As Joe pointed out, it's clear that if you bother to mitigate (TCP-based) in-window attacks, you will first (or "also", if you want) mitigate the ICMP-based ones, for which the TCP sequence number does not matter at all. However, with the current path that each document has, the specifications would end up fixed for the "in window" (TCP-based) attacks, but not for the more simple ICMP-based counterpart. A number of folks have mentioned that they would like the specs fixed wrt the ICMP attacks. But the path of the ICMP attacks draft is still Informational (as decided in IETF 64). I'll be working on the next revision of the ICMP attacks anytime soon. Among all the feedback there is to address, there's that of rephrasing the text that was originally in RFC2119-speak (as the draft is currently meant for Informational). Therefore, it would be useful to make that of which path the ICMP attacks draft aims to, so that I don't go back and forth with the text that makes the draft prescriptive. Kindest regards, -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@acm.org PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1 _______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] Question about the path of tcpsecure and I… Fernando Gont