IETF Logo Mail Archive

[tcpm] [ah@tr-sys.de: draft-ietf-tcpm-syn-flood-01]

Wesley Eddy <weddy@grc.nasa.gov> Fri, 26 January 2007 19:23 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HAWf9-00052l-MZ; Fri, 26 Jan 2007 14:23:03 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HAWf8-00051P-Di for tcpm@ietf.org; Fri, 26 Jan 2007 14:23:02 -0500
Received: from mx2.grc.nasa.gov ([128.156.11.69]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HAWf6-0007Wc-QW for tcpm@ietf.org; Fri, 26 Jan 2007 14:23:02 -0500
Received: from lombok-fi.grc.nasa.gov (seraph.grc.nasa.gov [128.156.10.10]) by mx2.grc.nasa.gov (Postfix) with ESMTP id A97B3C317 for <tcpm@ietf.org>; Fri, 26 Jan 2007 14:22:57 -0500 (EST)
Received: from apataki.grc.nasa.gov (apataki.grc.nasa.gov [139.88.112.35]) by lombok-fi.grc.nasa.gov (NASA GRC TCPD 8.13.7/8.13.7) with ESMTP id l0QJMv4U019184; Fri, 26 Jan 2007 14:22:57 -0500 (EST)
Received: from localhost (localhost [127.0.0.1]) by apataki.grc.nasa.gov (NASA GRC TCPD 8.13.7/8.13.7) with ESMTP id l0QJMun4026985; Fri, 26 Jan 2007 14:22:56 -0500 (EST)
Received: from apataki.grc.nasa.gov ([127.0.0.1])by localhost (apataki.grc.nasa.gov [127.0.0.1]) (amavisd-new, port 10024)with ESMTP id bLNRLtMFRBt8; Fri, 26 Jan 2007 14:22:56 -0500 (EST)
Received: from drpepper.grc.nasa.gov (gr2134391.grc.nasa.gov [139.88.44.123])by apataki.grc.nasa.gov (NASA GRC TCPD 8.13.7/8.13.7) with ESMTP id l0QJMtgJ026981;Fri, 26 Jan 2007 14:22:55 -0500 (EST)
Received: by drpepper.grc.nasa.gov (Postfix, from userid 501)id 380314FE51; Fri, 26 Jan 2007 14:20:23 -0500 (EST)
Date: Fri, 26 Jan 2007 14:20:23 -0500
From: Wesley Eddy <weddy@grc.nasa.gov>
To: tcpm@ietf.org
Message-ID: <20070126192022.GB12387@grc.nasa.gov>
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
User-Agent: Mutt/1.5.5.1i
X-imss-version: 2.045
X-imss-result: Passed
X-imss-scores: Clean:99.90000 C:2 M:6 S:5 R:5
X-imss-settings: Baseline:1 C:2 M:2 S:2 R:2 (0.0000 0.0000)
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 225414c974e0d6437992164e91287a51
Cc: ah@tr-sys.de
Subject: [tcpm] [ah@tr-sys.de: draft-ietf-tcpm-syn-flood-01]
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: weddy@grc.nasa.gov
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Errors-To: tcpm-bounces@ietf.org

This note on the TCP SYN flooding draft is forwarded with permission
from its author.  All of the suggested changes look right to me, and
will show up in the next update of the draft.


----- Forwarded message from Alfred Hönes <ah@tr-sys.de> -----

From: Alfred Hönes <ah@tr-sys.de>
Subject: draft-ietf-tcpm-syn-flood-01
To: weddy@grc.nasa.gov
Date: Thu, 25 Jan 2007 10:15:56 +0100 (MEZ)

Hello,
after studying the Internet-Draft authored by you,
   draft-ietf-tcpm-syn-flood-01 ,
I'd like to submit a few comments, mostly addressing textual
flaws I found in that memo.

Generally, the presentation of the topic is very welcomed,
it's over-due!
Also, technical coverage seems to be complete and reasonable.
Therefore, no specific objections!

The items below address the remaining nits I found in the draft;
they are presented in textual order, with one exception, at the end.
To give more context, sometimes I quote larger blocks of text
literally and show the replacement proposed using the shorthand
notation:

   <original draft text>
---
   <modified text>

I use change bars ('|' in column 1) and occasionally
up/down pointing marker lines ('^^^'/'vvv') to emphasize
the location of textual issues and/or proposed corrections.
Modified text has been re-adjusted to match RFC formatting
rules, where appropriate.  I also try to accomodate published
RFC-Ed policy on style and punctuation etc. in my proposals.


(1)  Section 1, last paragraph: improper wording

   This majority of this document consists of three sections.  [...]
---
   The majority of this document consists of three sections.  [...]


(2)  Section 2.2, first paragraph: punctuation

   As described in RFC 793, a TCP implementation may allow the LISTEN
|  state to be entered with either all, some. or none of the pair of IP
   addresses and port numbers specified by the application.  [...]
---                                         ^
   As described in RFC 793, a TCP implementation may allow the LISTEN
|  state to be entered with either all, some, or none of the pair of IP
   addresses and port numbers specified by the application.  [...]


(3)  Section 2.2, 4th paragraph: word omission (?)

                                                [...].  In other systems
   that implement less complex TCP algorithms and options, the overhead
   may be less, although typically exceeds 280 bytes [SKK+97].
---
                                                [...].  In other systems
   that implement less complex TCP algorithms and options, the overhead
|  may be less, although it typically exceeds 280 bytes [SKK+97].


(4)  Section 3.7: two typos

|  Firewall-baed tactics may also be used to defend end-hosts from SYN
   flooding attacks.  The basic concept is to offload the connection
|  establishment proceedures onto a firewall that screens connection
   attempts until they are completed and then proxies them back to
   protected end hosts.  [...]
---
|  Firewall-based tactics may also be used to defend end-hosts from SYN
   flooding attacks.  The basic concept is to offload the connection
|  establishment procedures onto a firewall that screens connection
   attempts until they are completed and then proxies them back to
   protected end hosts.  [...]


(5)  Section 4, 2nd paragraph: typo

   Among end host modifications, the SYN cache and SYN cookie approaches
|  seem to be the only viable techniques discoverd.  Increasing the
   backlog and reducing the SYN-RECEIVED timer are measurably
   problematic.  [...]
---
   Among end host modifications, the SYN cache and SYN cookie approaches
|  seem to be the only viable techniques discovered.  Increasing the
   backlog and reducing the SYN-RECEIVED timer are measurably
   problematic.  [...]


(6)  Section 4, 4th paragraph: grammar

   In 1997, NetBSD incorporated a modified version of Borman's code.
   Two notable differences from the original code stem from the decision
|  to use of the cache by default (for all connections).  This implied
   the need to perform retransmissions for SYN-ACKs, and to use larger
   structures to keep more complete data.  [...]
---
   In 1997, NetBSD incorporated a modified version of Borman's code.
   Two notable differences from the original code stem from the decision
|  to use the cache by default (for all connections).  This implied the
   need to perform retransmissions for SYN-ACKs, and to use larger
   structures to keep more complete data.  [...]


(7)  Appendix A, 4th paragraph: grammar/typo
                                                    vvvvvvvvvvvvvvvvvvv
|  With SYN cookies enabled, a host will be able to maintain responsive
   even when under a SYN flooding attack.  [...]
---
|  With SYN cookies enabled, a host will be able to remain responsive
   even when under a SYN flooding attack.  [...]

(Or use: "maintain responsiveness" -- I prefer the shorter form above.)


(8)  Appendix A, 6th paragraph: word omission
                                                                v
|  The best description of the exact SYN cookie algorithms is in part of
   an email from Bernstein, that is archived on the web site (notice it
   does not set the top five bits from the counter modulo 32, as the
   previous description did, but instead uses 29 bits from the second
   MD5 operation and 3 bits for the index into the MSS table;
   establishing the secret values is also not discussed):
---                                                             vvv
|  The best description of the exact SYN cookie algorithms is in a part
   of an email from Bernstein, that is archived on the web site (notice
   it does not set the top five bits from the counter modulo 32, as the
   previous description did, but instead uses 29 bits from the second
   MD5 operation and 3 bits for the index into the MSS table;
   establishing the secret values is also not discussed):


And last, but not least:

(9)  Section 6 - Acknowledgements

IMHO, the seminal work of D.J. Bernstein deserves a note in Section 6,
in particular for its 'contribution' in Appendix A.


Best regards,
  Alfred Hönes.

-- 

+------------------------+--------------------------------------------+
| TR-Sys Alfred Hoenes   |  Alfred Hoenes   Dipl.-Math., Dipl.-Phys.  |
| Gerlinger Strasse 12   |  Phone: (+49)7156/9635-0, Fax: -18         |
| D-71254  Ditzingen     |  E-Mail:  ah@TR-Sys.de                     |
+------------------------+--------------------------------------------+

----- End forwarded message -----

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email