Re: [tcpm] ICMP attacks draft (issue 1): hard errors -> soft errors (in synchronized states)
Ted Faber <faber@ISI.EDU> Fri, 23 September 2005 16:51 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EIqld-00049l-5Z; Fri, 23 Sep 2005 12:51:21 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EIqlb-000496-94 for tcpm@megatron.ietf.org; Fri, 23 Sep 2005 12:51:19 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA24876 for <tcpm@ietf.org>; Fri, 23 Sep 2005 12:51:16 -0400 (EDT)
Received: from boreas.isi.edu ([128.9.160.161]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EIqs2-00034u-JD for tcpm@ietf.org; Fri, 23 Sep 2005 12:58:01 -0400
Received: from pun.isi.edu (pun.isi.edu [128.9.160.150]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j8NGoHn03284; Fri, 23 Sep 2005 09:50:17 -0700 (PDT)
Received: (from faber@localhost) by pun.isi.edu (8.13.4/8.13.4/Submit) id j8NGoHKt014413; Fri, 23 Sep 2005 09:50:17 -0700 (PDT) (envelope-from faber)
Date: Fri, 23 Sep 2005 09:50:17 -0700
From: Ted Faber <faber@ISI.EDU>
To: Fernando Gont <fernando@gont.com.ar>
Subject: Re: [tcpm] ICMP attacks draft (issue 1): hard errors -> soft errors (in synchronized states)
Message-ID: <20050923165017.GD10959@pun.isi.edu>
References: <6.2.0.14.0.20050923075214.0428faa8@pop.frh.utn.edu.ar> <433411E2.3020005@isi.edu> <6.2.0.14.0.20050923125332.04320008@pop.frh.utn.edu.ar>
Mime-Version: 1.0
In-Reply-To: <6.2.0.14.0.20050923125332.04320008@pop.frh.utn.edu.ar>
User-Agent: Mutt/1.4.2.1i
X-url: http://www.isi.edu/~faber
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: faber@pun.isi.edu
X-Spam-Score: 0.0 (/)
X-Scan-Signature: f60d0f7806b0c40781eee6b9cd0b2135
Cc: tcpm@ietf.org, Joe Touch <touch@ISI.EDU>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0992464299=="
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org
On Fri, Sep 23, 2005 at 12:57:40PM -0300, Fernando Gont wrote: > At 11:32 a.m. 23/09/2005, Joe Touch wrote: > > >> Issue 1 is: When a so-called ICMP "hard error" is received for a > >> connection in any of the synchronized states (ESTABLISHED and so on), > >> treat the error message as a soft error (i.e., do NOT abort the > >> corresponding connection). > > > >WHY? Such an error could occur due to a reboot. It is legitimate operation. > > In that case you should receive an RST, not an ICMP message. Joe's not laying out his case completely. Let me try to fill in the blanks and he can tell me where I've misinterpreted what he's suggesting. Imagine a host that speaks IPv4 and TCP. You connect to it. The host goes down and reboots (fairly quickly), but it's flag day, and the host now no longer supports IPv4 at all, or no longer supports TCP at all. You can work your imagination for other reasons that TCP might fail to come up - a firewall (mis-?)configured to send the ICMP for application protocols that have been outlawed, an embedded TCP stack with an initialization/configuration error, TCP in an LKM with the wrong kernel version... There are a few whack-O cases out there that are unlikely but well within the range of the possible. None of those behaviors (with the possible exception of the firewall) breaks a spec that I can think of. The point is that for whatever reason, all the host can do is send a Protocol Not Supported ICMP, because the TCP stack will not be reached (the postulate is that the host has stopped speaking either TCP or IPv4). Because the packet can't get to the TCP stack (which may not be running at all), the host can't generate an RST. Of course, if no ICMP is generated or gets through, the ESTABLISHED TCP will eventually have a UTO and abort the connection. Yes, this is a pretty bizarre case, but it is a valid hard error in an ESTABLISHED state, and one where aborting the connection is the most sensible thing to do. -- Ted Faber http://www.isi.edu/~faber PGP: http://www.isi.edu/~faber/pubkeys.asc Unexpected attachment on this mail? See http://www.isi.edu/~faber/FAQ.html#SIG
_______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] ICMP attacks draft (issue 1): hard errors … Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Lloyd Wood
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Jakob Heitz
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Lloyd Wood
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- tcpm-antispoof and TCP's weakness [Re: [tcpm] ICM… Pekka Savola
- Re: tcpm-antispoof and TCP's weakness [Re: [tcpm]… Joe Touch
- Re: tcpm-antispoof and TCP's weakness [Re: [tcpm]… Pekka Savola