Re: [tcpm] ICMP attacks draft (issue 3): TCP SEQ check

Joe Touch <touch@ISI.EDU> Fri, 23 September 2005 14:30 UTC

Message-ID: <43341121.6040907@isi.edu>
Date: Fri, 23 Sep 2005 07:28:49 -0700
From: Joe Touch <touch@ISI.EDU>
To: Fernando Gont <fernando@gont.com.ar>
Subject: Re: [tcpm] ICMP attacks draft (issue 3): TCP SEQ check
References: <6.2.0.14.0.20050923080242.0461d4a8@pop.frh.utn.edu.ar>
In-Reply-To: <6.2.0.14.0.20050923080242.0461d4a8@pop.frh.utn.edu.ar>
Cc: tcpm@ietf.org


Fernando Gont wrote:
> Folks,
> 
> Issue 3: The draft proposes to check the TCP sequence number contained
> in the payload of the ICMP messages.
> The idea is that errors should be caused by segments that have been
> sent, but not yet acknowledged.
> 
> This is a general check, which checks for the staleness of the error
> messages. We are performing the same check for TCP segments, so why not
> perform the same check for errors that are supposed to have been
> elicited by the connection?

TCP checks the checksum AND MD5 option (if the latter exists) first; if
you do these checks first, then it is OK to check the SEQNUM. If not
enough of the segment exists to do so, then it is incorrect to interpret
any of the rest of the fields.

> Linux has been performing this check for years. OpenBSD has been
> performing this check for more than a year. FreeBSD and NetBSD have been
> performing this check for several months now.

The fact that many people implemented TCP bugs incorrectly warranted a
document on why what they did was incorrect, not a document to validate
it - regardless of the lack of noted errors. The statement above is not
germane to this discussion.

Joe
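The two positions in this exchange can be shown side by side in code. The following is an added example, not code from the thread, the draft, or any of the Linux/BSD implementations mentioned above. It parses an ICMP error carrying a quoted IPv4+TCP datagram, matches it to a connection by 4-tuple, and then applies either the draft's check alone (the quoted sequence number must satisfy SND.UNA <= SEQ < SND.NXT) or the stricter ordering Joe describes (the quoted segment must be complete enough to verify its checksum before any other field is trusted). All names, the `conn` dictionary layout, the `strict` flag, and the sample addresses and payload are this example's own assumptions; the TCP MD5 option is not modelled, and the quoted datagram is assumed to be IPv4 laid out as RFC 792 describes.

```python
import struct

TCP_PROTO = 6


def seq_in_unacked_window(seq, snd_una, snd_nxt):
    """SND.UNA <= seq < SND.NXT, compared modulo 2**32 so wrap-around is handled."""
    span = (snd_nxt - snd_una) & 0xFFFFFFFF
    return ((seq - snd_una) & 0xFFFFFFFF) < span


def tcp_checksum(src_ip, dst_ip, segment):
    """Ones-complement checksum over the TCP pseudo-header plus the whole segment.
    Computing it over a segment that already carries a correct checksum yields 0."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, TCP_PROTO, len(segment))
    data = pseudo + segment
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def classify_icmp_error(icmp_msg, conn, strict):
    """Decide what to do with an ICMP error quoting one of our TCP segments.

    strict=False: the draft's check only (4-tuple match, then SEQ in the unacked window).
    strict=True : refuse to trust any field until the quoted segment is complete enough
                  to verify its checksum (Joe's ordering), then apply the SEQ check.
    """
    if len(icmp_msg) < 8:                      # ICMP type/code/checksum/unused
        return "malformed"
    inner = icmp_msg[8:]                       # quoted offending IPv4 datagram
    if len(inner) < 20:
        return "malformed"
    ihl = (inner[0] & 0x0F) * 4
    total_len = struct.unpack("!H", inner[2:4])[0]
    proto = inner[9]
    src, dst = inner[12:16], inner[16:20]
    if proto != TCP_PROTO:
        return "not-tcp"
    tcp = inner[ihl:]
    if len(tcp) < 8:                           # RFC 792 minimum quote: ports + SEQ
        return "no-seq"
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    # The quoted datagram is one *we* sent, so its source is our local endpoint.
    if (src, sport, dst, dport) != (conn["local_ip"], conn["local_port"],
                                    conn["remote_ip"], conn["remote_port"]):
        return "no-connection"
    if strict:
        full_len = total_len - ihl             # length of the original TCP segment
        if len(tcp) < full_len:                # router quoted only part of it
            return "unverifiable"
        if tcp_checksum(src, dst, tcp[:full_len]) != 0:
            return "bad-checksum"
    if not seq_in_unacked_window(seq, conn["snd_una"], conn["snd_nxt"]):
        return "out-of-window"
    return "accept"


# ---- constructed sample traffic (not captured data) ---------------------------

def build_segment(src_ip, dst_ip, sport, dport, seq, payload=b""):
    """Minimal TCP segment (no options, ACK flag) with a correct checksum."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x10, 65535, 0, 0)
    csum = tcp_checksum(src_ip, dst_ip, hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def build_ipv4(src_ip, dst_ip, payload):
    """IPv4 header around a TCP payload; header checksum left 0 (not needed here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000,
                       64, TCP_PROTO, 0, src_ip, dst_ip) + payload


def build_icmp_error(quoted_datagram, quote_len):
    """Destination Unreachable (type 3, code 4) quoting quote_len bytes of the datagram."""
    return struct.pack("!BBHI", 3, 4, 0, 0) + quoted_datagram[:quote_len]


def run_demo():
    local, remote = bytes([10, 0, 0, 1]), bytes([192, 168, 1, 2])
    conn = dict(local_ip=local, local_port=40000, remote_ip=remote, remote_port=80,
                snd_una=1000, snd_nxt=1500)
    dgram = build_ipv4(local, remote, build_segment(local, remote, 40000, 80, 1200,
                                                    b"GET / HTTP/1.0\r\n\r\n"))
    stale = build_ipv4(local, remote, build_segment(local, remote, 40000, 80, 5000))
    other = build_ipv4(local, remote, build_segment(local, remote, 40001, 80, 1200))
    corrupt = dgram[:-1] + bytes([dgram[-1] ^ 0xFF])   # one payload byte altered
    minimal = build_icmp_error(dgram, 28)               # 20 IP + 8 TCP bytes, RFC 792 minimum
    full = build_icmp_error(dgram, len(dgram))          # whole datagram quoted
    return {
        "minimal_quote_draft_check": classify_icmp_error(minimal, conn, strict=False),
        "minimal_quote_strict": classify_icmp_error(minimal, conn, strict=True),
        "full_quote_strict": classify_icmp_error(full, conn, strict=True),
        "stale_seq": classify_icmp_error(build_icmp_error(stale, len(stale)), conn, True),
        "wrong_tuple": classify_icmp_error(build_icmp_error(other, len(other)), conn, False),
        "corrupt_draft_check": classify_icmp_error(build_icmp_error(corrupt, len(corrupt)), conn, False),
        "corrupt_strict": classify_icmp_error(build_icmp_error(corrupt, len(corrupt)), conn, True),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:28s} {verdict}")
```

The `corrupt_*` pair is the crux of the disagreement: with the sequence-number check alone, a quoted segment whose remaining bytes are wrong still passes, because the only field consulted is SEQ; with checksum verification first, it is rejected. The `minimal_quote_strict` result shows the cost of the stricter ordering: a router that quotes only the 8 bytes RFC 792 requires leaves the checksum unverifiable, so an implementation following Joe's rule cannot act on the error at all.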
_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm