Re: [tcpm] WG Last Call for ICMP Attacks

Lars Eggert <lars.eggert@nokia.com> Wed, 09 September 2009 05:48 UTC

From: Lars Eggert <lars.eggert@nokia.com>
Date: Wed, 09 Sep 2009 08:48:25 +0300
To: Fernando Gont <fernando@gont.com.ar>
Cc: "Smith, Donald" <Donald.Smith@qwest.com>, 'tcpm Extensions WG' <tcpm@ietf.org>, 'David Borman' <david.borman@windriver.com>, Joe Touch <touch@ISI.EDU>
Subject: Re: [tcpm] WG Last Call for ICMP Attacks

On 2009-9-9, at 8:11, Fernando Gont wrote:
> Could you clarify what you have in mind, specifically? ICMP error
> messages being assigned lower priority than normal traffic, or what?
> FWIW, routers typically rate-limit ICMP errors...

They are also sometimes forwarded at (much) lower priority, and esp.
some CE devices have huge buffers that when full can lead to seconds
of delay. (That's one factor why ICMPs may be arriving much later than
the corresponding TCP segments, there may be others.)

(Who knows if some ITU-T transport network architecture defines a
centralized "control plane signaling generator box" that sends out
ICMPs on behalf of an entire network, for example. Yes, this is a
made-up example.)

Lars