Re: [tcpm] tcp-security: Request for feedback on the outline of the document

[Joe Touch <touch@ISI.EDU>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Fernando Gont wrote:
> Eddy, Wesley M. (GRC-MS00)[Verizon] wrote:
> 
> 
>>> Then it'd be useful to break down TCP into its component parts, as
>>> introduced in 2a:
>>>
>>> 	3 control attacks
>>> 		header fields
>>> 		option fields
>>> 		connection establishment
>>> 		connection termination
>>> 		port scanning
> [....]
>> I like the hierarchy that Joe suggests; it groups similar issues and
>> recommendations together, and I agree with  him that it would pose
>> no difficulty for implementers to use.
> 
> I think that for many attacks, the outline Joe is proposing becomes
> ambiguous.
> 
> e.g., think about the "Rose attack" described in the MSS section. The
> attack employs the TCP MSS option (and thus would be included in
> "control attacks" according to Joe's outline). However, the attack
> attempts to degrade performance. So.. where would the attack be finally
> included?
> 
> Joe argues that "info leaking" and that port scanning is a "control
> attack". But one might argue that port scanning is, in some sense, an
> info leaking attack.

That's a property of any way of organizing the topics - there are bound
to be overlapping cases. The issue to me is that the outline I proposed
has easily recognized structure to it, and I at least know where various
attacks should go (even if they go in one place and are cross-referenced
and also discussed in others).

Joe

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iD8DBQFKlDzqE5f5cImnZrsRAsh4AKC6IVV3YsRKffKyhpT31tWy35TF2wCfdeR+
iZPojsKI6SCcBhmC2hM3Ubc=
=6s++
-----END PGP SIGNATURE-----