Re: [tcpm] feedcback on tcp-secure-05: suggested text

Fernando Gont <fernando@gont.com.ar> Wed, 19 July 2006 00:40 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G3075-0000hX-QM; Tue, 18 Jul 2006 20:40:31 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G3075-0000hS-97 for tcpm@ietf.org; Tue, 18 Jul 2006 20:40:31 -0400
Received: from venus.xmundo.net ([201.216.232.56]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G3073-0004oo-Lk for tcpm@ietf.org; Tue, 18 Jul 2006 20:40:31 -0400
Received: from fgont.gont.com.ar (171-180-231-201.fibertel.com.ar [201.231.180.171]) (authenticated bits=0) by venus.xmundo.net (8.12.11/8.12.11) with ESMTP id k6J0eOjH004712; Tue, 18 Jul 2006 21:40:29 -0300
Message-Id: <7.0.1.0.0.20060718211858.05384d00@gont.com.ar>
X-Mailer: QUALCOMM Windows Eudora Version 7.0.1.0
Date: Tue, 18 Jul 2006 21:37:28 -0300
To: Ted Faber <faber@ISI.EDU>
From: Fernando Gont <fernando@gont.com.ar>
Subject: Re: [tcpm] feedcback on tcp-secure-05: suggested text
In-Reply-To: <20060719000728.GT50683@hut.isi.edu>
References: <44B682AB.9010702@isi.edu> <7.0.1.0.0.20060715162015.085dce90@gont.com.ar> <44BB1965.9070305@isi.edu> <20060717180238.GE38453@hut.isi.edu> <20060718181852.GC50683@hut.isi.edu> <44BD430B.50401@cisco.com> <7.0.1.0.0.20060718174534.04c68e68@gont.com.ar> <20060718212301.GE50683@hut.isi.edu> <7.0.1.0.0.20060718201549.04c5bb78@gont.com.ar> <20060719000728.GT50683@hut.isi.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 538aad3a3c4f01d8b6a6477ca4248793
Cc: Randall Stewart <rrs@cisco.com>, tcpm@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org

At 21:07 18/07/2006, Ted Faber wrote:

>On Tue, Jul 18, 2006 at 08:32:01PM -0300, Fernando Gont wrote:
> > RFC 4301 never states that ICMP messages should be filtered. And it's
> > clear from this last paragraph that a number of behaviours (including
> > "act on it with constraints") are among the possibilities.
>
>Fine.  Try the attached.
>
>I'm happy to add an explicit reference to the attacks draft if it can be
>phrased in such a way that it does not link the publication of the two.
>Feel free to send text.

I'd change the text to:

"Implementors should be aware that the attacks detailed in this
specification are not the only attacks available to an off-path attacker
and that the countermeasures described herein are not a comprehensive
defense against such attacks.

In particular, administrators should be aware that forged ICMP messages
provide off-path attackers the opportunity to disrupt connections or
degrade service.  Such packets may be subject to even less scrutiny than
those required for the TCP attacks addressed here, especially in stacks
not tuned for hostile environments.

This RFC details only part of a complete strategy to
prevent off-path attackers from disrupting services that use TCP.
Administrators and implementors should consider the other attack vectors
and determine appropriate mitigations in securing their systems.

[antispoof] provides a detailed discussion of TCP attacks based on
forged TCP segments, along with a discussion on the possible
countermeasures.  [ICMP-attacks] provides a detailed discussion on TCP
attacks based on forged ICMP packets, along with the possible
countermeasures."


Note that I basically removed text and added references, and that the
references are included in a way in which there's no "requirement".

Kindest regards,

--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
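The suggested text above says forged ICMP messages get even less scrutiny than forged TCP segments. What that difference looks like in code, as an added example that is not from this thread or from either referenced draft: a stack that only matches the quoted 4-tuple aborts a connection on any "hard" Destination Unreachable an off-path attacker can forge, while one that also applies the sequence-number check from the ICMP-attacks draft (the check published later in RFC 5927, section 4.1) forces the attacker to guess where the send window is. The connection, the addresses (RFC 5737 documentation ranges) and every packet are constructed inside the file; nothing is captured from a network.

```python
# Added example, not from the thread or either draft: a forged ICMP "hard"
# error against a TCP connection, handled by a stack that only matches the
# 4-tuple and by one that also checks the quoted sequence number.  All packets
# are constructed here; addresses are RFC 5737 documentation ranges.
import socket
import struct

ICMP_DEST_UNREACH = 3
# RFC 1122, 4.2.3.9: Destination Unreachable codes 2, 3 and 4 are "hard"
# errors; a stack following that text aborts the connection on one.
HARD_UNREACH_CODES = {2, 3, 4}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum; 0 over a correctly checksummed message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_error(code, src_ip, dst_ip, sport, dport, seq):
    """Constructed ICMP Destination Unreachable quoting the IPv4 header and the
    first 8 bytes (ports + SEQ) of the TCP segment it claims to be about, as
    RFC 792 requires.  An off-path attacker builds exactly the same bytes."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64,
                         socket.IPPROTO_TCP, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", inet_checksum(ip_hdr)) + ip_hdr[12:]
    body = ip_hdr + struct.pack("!HHI", sport, dport, seq)
    csum = inet_checksum(struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + body)
    return struct.pack("!BBHI", ICMP_DEST_UNREACH, code, csum, 0) + body


def parse_icmp_error(pkt: bytes):
    """Parse an ICMP error and the IPv4/TCP fields it quotes.  Returns None for
    anything malformed (bad checksum, non-IPv4, non-TCP, truncated quote)."""
    if len(pkt) < 8 + 20 + 8 or inet_checksum(pkt) != 0:
        return None
    ip = pkt[8:]
    ihl = (ip[0] & 0x0F) * 4
    if (ip[0] >> 4) != 4 or ihl < 20 or len(ip) < ihl + 8 or ip[9] != socket.IPPROTO_TCP:
        return None
    sport, dport, seq = struct.unpack("!HHI", ip[ihl:ihl + 8])
    return {"type": pkt[0], "code": pkt[1], "seq": seq,
            "src": socket.inet_ntoa(ip[12:16]), "sport": sport,
            "dst": socket.inet_ntoa(ip[16:20]), "dport": dport}


class TcpConn:
    """Send-side state: sequence numbers in [snd_una, snd_nxt) are in flight."""
    def __init__(self, local, remote, snd_una, snd_nxt):
        self.local, self.remote = local, remote      # (ip, port) tuples
        self.snd_una, self.snd_nxt = snd_una, snd_nxt
        self.state = "ESTABLISHED"


def make_conn():
    # Hypothetical client 192.0.2.10:41234 connected to 198.51.100.20:80.
    return TcpConn(("192.0.2.10", 41234), ("198.51.100.20", 80), 1000, 1500)


def seq_in_send_window(conn, seq):
    """SND.UNA <= seq < SND.NXT, evaluated modulo 2**32."""
    win = (conn.snd_nxt - conn.snd_una) & 0xFFFFFFFF
    return ((seq - conn.snd_una) & 0xFFFFFFFF) < win


def belongs_to(conn, err):
    """The quoted segment was sent by us, so its source is our local end."""
    return (err["src"], err["sport"]) == conn.local and (err["dst"], err["dport"]) == conn.remote


def naive_handle(conn, err):
    """Stack not tuned for hostile environments: a hard error whose quoted
    4-tuple matches aborts the connection.  Nothing else is checked, and an
    off-path attacker can usually guess the 4-tuple."""
    if err is None or not belongs_to(conn, err):
        return "ignored"
    if err["type"] == ICMP_DEST_UNREACH and err["code"] in HARD_UNREACH_CODES:
        conn.state = "CLOSED"
        return "aborted"
    return "ignored"


def hardened_handle(conn, err):
    """Same, plus the check the ICMP-attacks draft (later RFC 5927, 4.1) gives:
    the quoted SEQ must lie inside our send window, which the attacker has to
    guess out of 2**32 values."""
    if err is None or not belongs_to(conn, err) or not seq_in_send_window(conn, err["seq"]):
        return "ignored"
    return naive_handle(conn, err)


def run_scenarios():
    """Forged error guesses SEQ=0; the genuine one quotes an in-window SEQ."""
    results = {}
    for name, seq in (("forged", 0), ("genuine", 1200)):
        pkt = build_icmp_error(2, "192.0.2.10", "198.51.100.20", 41234, 80, seq)
        err = parse_icmp_error(pkt)
        results[name] = (naive_handle(make_conn(), err), hardened_handle(make_conn(), err))
    return results


if __name__ == "__main__":
    for name, (naive, hardened) in run_scenarios().items():
        print("%-8s naive=%-8s hardened=%s" % (name, naive, hardened))
```

With a 500-byte send window the forged error succeeds against the hardened stack roughly once in 2**32/500 attempts per guess, versus on the first packet against the naive one; the draft also discusses further measures (for instance treating hard errors as soft errors once a connection is synchronized, and randomizing ephemeral ports so the 4-tuple is harder to guess), which this example leaves out.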

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm