RE: [Tsvwg] Re: [tcpm] Revision ofdraft-larsen-tsvwg-port-randomization

Murari Sridharan <muraris@microsoft.com> Thu, 26 July 2007 15:05 UTC

From: Murari Sridharan <muraris@microsoft.com>
To: "Anantha Ramaiah (ananth)" <ananth@cisco.com>, tsvwg WG <tsvwg@ietf.org>
Date: Thu, 26 Jul 2007 08:05:08 -0700
Subject: RE: [Tsvwg] Re: [tcpm] Revision ofdraft-larsen-tsvwg-port-randomization
Message-ID: <FCA794787FDE0D4DBE9FFA11053ECEB60C26A161B5@NA-EXMSG-C110.redmond.corp.microsoft.com>
References: <FCA794787FDE0D4DBE9FFA11053ECEB60C26A1618E@NA-EXMSG-C110.redmond.corp.microsoft.com> <0C53DCFB700D144284A584F54711EC5803B6C62F@xmb-sjc-21c.amer.cisco.com>
In-Reply-To: <0C53DCFB700D144284A584F54711EC5803B6C62F@xmb-sjc-21c.amer.cisco.com>
Cc: "tcpm@ietf.org" <tcpm@ietf.org>, DCCP mailing list <dccp@ietf.org>, Fernando Gont <fernando@gont.com.ar>, TSV Dir <tsv-dir@ietf.org>, "ext@cisco.com" <ext@cisco.com>

Well, I guess we need things to be incrementally deployable, so I think piecemeal is more practical. Having said that, I am very cautious about any extensibility proposal, primarily around non-compliant devices, which make even incremental deployment slow down to a crawl, like the problems we are seeing with enabling WS by default. This option has been around forever and still causes significant connectivity problems, so piecemeal options are not a cakewalk either.

-----Original Message-----
From: Anantha Ramaiah (ananth) [mailto:ananth@cisco.com]
Sent: Thursday, July 26, 2007 7:56 AM
To: Murari Sridharan; tsvwg WG
Cc: ext@cisco.com; tcpm@ietf.org; DCCP mailing list; Fernando Gont; TSV Dir
Subject: RE: [Tsvwg] Re: [tcpm] Revision ofdraft-larsen-tsvwg-port-randomization

Murari,

I agree it is a good idea to have an extended port range. But dearth of
ports is one such issue. We could argue the same about TCP options
(there are few drafts which never moved forward, AFAIK). Also you can
argue the same about TCP seq#/ack# for better security reasons. I think
Mark Allman wrote a document TCPx2 (or something) which basically
doubles the TCP header (64 bit seq/ack, 32 ports etc.). So some of the
questions which might come up (aka possible ways of achieving this):

- why not have a complete change to the TCP header? (like Mark's draft is
suggesting). Obviously it is almost like "TCP v6". Lots of change needed
everywhere :-)

- or do it piecemeal: first buy more TCP option space, standardize
any one of the proposals for extending the TCP option space. Then have
an extended port option like you suggest below. Then think about other
TCP fields requiring extension.

Just a few thoughts.

-Anantha

> -----Original Message-----
> From: Murari Sridharan [mailto:muraris@microsoft.com]
> Sent: Thursday, July 26, 2007 7:43 AM
> To: tsvwg WG
> Cc: ext@cisco.com; tcpm@ietf.org; DCCP mailing list; Fernando
> Gont; TSV Dir
> Subject: RE: [Tsvwg] Re: [tcpm] Revision
> ofdraft-larsen-tsvwg-port-randomization
>
> In this context I wanted to bring up a related issue that
> might also strengthen this sort of a port randomization proposal.
>
> Today the 64k port limitation is starting to become a huge
> problem and most often admins add IP addresses to increase
> the scalability. Given that most often the destination port
> (and sometimes the destination address) is well known, the
> only scalability left is the source address. Increasing IP
> addresses to improve scalability seems a fairly roundabout
> approach and frankly doesn't scale well. Given that the 64k
> limit is not fundamental, why not provide a scaling factor
> similar to the receive window to scale the number of usable
> ports. This also makes randomization much more meaningful
> because in certain proxy scenarios the number of connections
> quickly exhausts the available ports and at that point the
> attacker can simply use any port assuming he can guess the
> source address.
>
> Murari
>
> -----Original Message-----
> From: Lars Eggert [mailto:lars.eggert@nokia.com]
> Sent: Wednesday, July 04, 2007 3:35 AM
> To: tsvwg WG
> Cc: tcpm@ietf.org; DCCP mailing list; ext Fernando Gont; TSV Dir
> Subject: Re: [Tsvwg] Re: [tcpm] Revision of
> draft-larsen-tsvwg-port-randomization
>
> On 2007-5-31, at 17:51, ext Lars Eggert wrote:
> > The concepts in this draft are likely relevant to most of our
> > transport protocols, and hence would be in scope for TSVWG.
> > The TSVWG chairs are interested in comments on whether there is group
> > interest in this draft - please comment on tsvwg@ietf.org.
>
> We've received some positive feedback on adopting this draft,
> but I'd like to see a stronger show of support, because this
> draft impacts several of our transport protocols at the same time.
>
> Please comment on tsvwg@ietf.org - reply-to set accordingly.
>
> Lars
>

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm
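As an added illustration of the exhaustion point in Murari's quoted message above (not code from this thread, from the port-randomization draft, or from any stack), a Python sketch: a randomized ephemeral-port allocator whose free ports are tracked per destination, plus a helper that estimates how much blind-guess resistance the randomization still provides as a proxy's connections to one well-known destination fill the range. The 16384-port range, the address 192.0.2.10 and all class and function names are constructed for the example.

```python
import math
import random

# IANA dynamic/private range, 16384 ports (constructed default for this example)
EPHEMERAL_RANGE = range(49152, 65536)


class PortAllocator:
    """Randomized ephemeral-port allocator for one local address. Free ports
    are tracked per destination (addr, port), as a stack tracks 4-tuples, so a
    proxy talking to one well-known destination exhausts that range first."""

    def __init__(self, port_range=EPHEMERAL_RANGE, rng=None):
        self.ports = port_range
        self.rng = rng or random.Random()
        self.free = {}  # (dst_addr, dst_port) -> list of free local ports

    def allocate(self, dst_addr, dst_port):
        free = self.free.setdefault((dst_addr, dst_port), list(self.ports))
        if not free:  # the exhaustion case the thread is about
            raise OSError(f"no free ephemeral port towards {dst_addr}:{dst_port}")
        i = self.rng.randrange(len(free))
        free[i], free[-1] = free[-1], free[i]  # swap-remove: uniform pick, O(1)
        return free.pop()

    def release(self, dst_addr, dst_port, local_port):
        self.free[(dst_addr, dst_port)].append(local_port)

    def utilization(self, dst_addr, dst_port):
        return len(self.ports) - len(self.free.get((dst_addr, dst_port), self.ports))


def guess_resistance(ports_in_use, range_size=len(EPHEMERAL_RANGE)):
    """For an off-path guesser who already knows both addresses and the
    well-known destination port: (probability that one random local-port
    guess lands on a live connection, equivalent entropy bits). At full
    utilization every guess hits and the randomization contributes nothing."""
    if not 0 <= ports_in_use <= range_size:
        raise ValueError("ports_in_use outside the port range")
    if ports_in_use == 0:
        return 0.0, math.inf  # nothing live to hit
    p_hit = ports_in_use / range_size
    return p_hit, -math.log2(p_hit)


if __name__ == "__main__":
    alloc = PortAllocator(rng=random.Random(7))
    for n in (1, 4096, 8192, 16384):  # growing proxy load towards one 443 service
        while alloc.utilization("192.0.2.10", 443) < n:
            alloc.allocate("192.0.2.10", 443)
        p, bits = guess_resistance(n)
        print(f"{n:6d} busy ports: hit probability {p:.4f}, ~{bits:.1f} bits left")
```

Adding addresses, as the message notes admins do today, only multiplies the denominator per local address; it does not change the shape of the curve for any one exhausted (address, destination) pair.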