Re: tcpm-antispoof and TCP's weakness [Re: [tcpm] ICMP attacks draft (issue 1): hard errors -> soft errors (in synchronized states)]
Pekka Savola <pekkas@netcore.fi> Mon, 03 October 2005 10:26 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EMNWR-0008Ls-7i; Mon, 03 Oct 2005 06:26:15 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EMNWQ-0008Ln-Cn for tcpm@megatron.ietf.org; Mon, 03 Oct 2005 06:26:14 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA18686 for <tcpm@ietf.org>; Mon, 3 Oct 2005 06:26:12 -0400 (EDT)
Received: from netcore.fi ([193.94.160.1]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EMNeq-0002VB-UF for tcpm@ietf.org; Mon, 03 Oct 2005 06:34:59 -0400
Received: from localhost (pekkas@localhost) by netcore.fi (8.11.6/8.11.6) with ESMTP id j93APSj24594; Mon, 3 Oct 2005 13:25:29 +0300
Date: Mon, 03 Oct 2005 13:25:28 +0300
From: Pekka Savola <pekkas@netcore.fi>
To: Joe Touch <touch@ISI.EDU>
Subject: Re: tcpm-antispoof and TCP's weakness [Re: [tcpm] ICMP attacks draft (issue 1): hard errors -> soft errors (in synchronized states)]
In-Reply-To: <433F5958.5070408@isi.edu>
Message-ID: <Pine.LNX.4.61.0510031254410.24077@netcore.fi>
References: <6.2.0.14.0.20050923075214.0428faa8@pop.frh.utn.edu.ar> <433411E2.3020005@isi.edu> <6.2.0.14.0.20050923125332.04320008@pop.frh.utn.edu.ar> <20050923165017.GD10959@pun.isi.edu> <6.2.0.14.0.20050927015438.07c2a418@pop.frh.utn.edu.ar> <20050930174011.GK999@pun.isi.edu> <6.2.0.14.0.20050930150854.0592eee0@pop.frh.utn.edu.ar> <433D85BD.4020204@isi.edu> <Pine.LNX.4.61.0510010830320.31739@netcore.fi> <433F5958.5070408@isi.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464
Cc: tcpm@ietf.org, Fernando Gont <fernando@gont.com.ar>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org
On Sat, 1 Oct 2005, Joe Touch wrote: > Cases where source address spoofing can be eliminated amount to real > security, either by signatures or by trusted edge filtering. > > I would conclude that TCP doesn't have security (because it doesn't), > and that this weakness can be made strong by using real security > (TCP/MD5, IPsec). Ack/seq may not be exactly 'strong', but it's still something. Regardless of that 'real security' are generic solutions, and may not be needed in all the cases. > These help ICMP only where the entire payload is > included in the ICMP reply - which goes back to the point I made earlier > about validation needing to do the same thing, BTW. Trusted edge filtering is good security. An ISP or an enterprise could (and in fact _do_) perform that. Spoofed TCP attacks inside such a network are prevented -- but ICMP offers a gaping hole. Ergo, if the IETF believes this scenario is sufficiently common and/or convincing, this needs to be fixed (and it may make sense to fix it in any case). It should be obvious, but IMHO this scenario calls for a specific solution, not just 'use IPsec'. A majority of networks have prevented spoofing already [http://spoofer.csail.mit.edu/], and internal protection from ICMP attacks is required. -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings _______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] ICMP attacks draft (issue 1): hard errors … Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Lloyd Wood
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Jakob Heitz
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Lloyd Wood
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- tcpm-antispoof and TCP's weakness [Re: [tcpm] ICM… Pekka Savola
- Re: tcpm-antispoof and TCP's weakness [Re: [tcpm]… Joe Touch
- Re: tcpm-antispoof and TCP's weakness [Re: [tcpm]… Pekka Savola