Re: [tcpm] ICMP attacks draft (issue 1): hard errors -> soft errors (in synchronized states)
Joe Touch <touch@ISI.EDU> Fri, 30 September 2005 18:37 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1ELPlY-00007Z-P1; Fri, 30 Sep 2005 14:37:52 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1ELPlX-00007T-GM for tcpm@megatron.ietf.org; Fri, 30 Sep 2005 14:37:51 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA27178 for <tcpm@ietf.org>; Fri, 30 Sep 2005 14:37:50 -0400 (EDT)
Received: from boreas.isi.edu ([128.9.160.161]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1ELPtR-0005PP-6O for tcpm@ietf.org; Fri, 30 Sep 2005 14:46:02 -0400
Received: from [128.9.176.136] (ras36.isi.edu [128.9.176.136]) by boreas.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id j8UIamL16166; Fri, 30 Sep 2005 11:36:48 -0700 (PDT)
Message-ID: <433D85BD.4020204@isi.edu>
Date: Fri, 30 Sep 2005 11:36:45 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Fernando Gont <fernando@gont.com.ar>
Subject: Re: [tcpm] ICMP attacks draft (issue 1): hard errors -> soft errors (in synchronized states)
References: <6.2.0.14.0.20050923075214.0428faa8@pop.frh.utn.edu.ar> <433411E2.3020005@isi.edu> <6.2.0.14.0.20050923125332.04320008@pop.frh.utn.edu.ar> <20050923165017.GD10959@pun.isi.edu> <6.2.0.14.0.20050927015438.07c2a418@pop.frh.utn.edu.ar> <20050930174011.GK999@pun.isi.edu> <6.2.0.14.0.20050930150854.0592eee0@pop.frh.utn.edu.ar>
In-Reply-To: <6.2.0.14.0.20050930150854.0592eee0@pop.frh.utn.edu.ar>
X-Enigmail-Version: 0.92.0.0
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 5a9a1bd6c2d06a21d748b7d0070ddcb8
Cc: tcpm@ietf.org, Ted Faber <faber@ISI.EDU>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1974680600=="
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org
Fernando Gont wrote: ... >> Joe's described a >> situation (that consists of many different possible causes) where >> listening to that ICMP is perfectly reasonable. >> An application's always welcome to shoot itself from TCP's perspective. > > I mean that even when you treat the hard error as soft error, you still > notify it to the application. The application can, upon this > notification, cause the connection to be aborted. FWIW, the application can't do much with ICMPs it didn't expect to be notified about. So this change requires not only a change to TCP, but a change to every application that might be affected. That's worth noting (if not reconsidering the implications of). >> If you've got questions about the motivations for and support of >> tcpsecure, there's no need to be coy - no need to make such comments >> conditionally. :-) >> >> Right now, it sounds like the answer to your question is "yes, the WG >> supports the tcp secure changes, independently of the changes proposed >> here." > > My argument is: Why would an attacker bother to guess a TCP sequence > number, when it can reset a conenction much more trivially by means of > ICMP? > > "The strength of a chain is that of the weakest link", I mean. But TCP-antispoof explains that the chain is already sufficiently weak in many cases even if you try to fix ICMP. Joe
_______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] ICMP attacks draft (issue 1): hard errors … Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Lloyd Wood
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Jakob Heitz
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Lloyd Wood
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- tcpm-antispoof and TCP's weakness [Re: [tcpm] ICM… Pekka Savola
- Re: tcpm-antispoof and TCP's weakness [Re: [tcpm]… Joe Touch
- Re: tcpm-antispoof and TCP's weakness [Re: [tcpm]… Pekka Savola