Re: [tcpm] feedcback on tcp-secure-05: suggested text

Randall Stewart <rrs@cisco.com> Tue, 18 July 2006 20:22 UTC

Message-ID: <44BD430B.50401@cisco.com>
Date: Tue, 18 Jul 2006 16:22:35 -0400
From: Randall Stewart <rrs@cisco.com>
To: Ted Faber <faber@ISI.EDU>
Subject: Re: [tcpm] feedcback on tcp-secure-05: suggested text
References: <44B682AB.9010702@isi.edu> <7.0.1.0.0.20060715162015.085dce90@gont.com.ar> <44BB1965.9070305@isi.edu> <20060717180238.GE38453@hut.isi.edu> <20060718181852.GC50683@hut.isi.edu>
In-Reply-To: <20060718181852.GC50683@hut.isi.edu>
Cc: tcpm@ietf.org

Ted/All:

With the minor tweak of pointing directly to
6.1.1 .. I think what you have proposed is
the right set of wording..

Getting bogged down in an ICMP attack issues dissertation
is silly and detracts from what we are trying to do...
get tcp-secure finished...

We can have a food-fight over the ICMP attacks document
in the space of that document...

R

Ted Faber wrote:
> I've attached some text that I'd like to propose for the Security
> Considerations section of this draft in an effort to make its scope
> clear and hopefully address some of Joe's concerns about ICMP.
> 
> This is just me, a participant, making the suggestion.
> 
> Text is attached.  Let me know what you think.
> 
> 
> 
> ------------------------------------------------------------------------
> 
> 
> 
> Implementors should be aware that the attacks detailed in this
> specification are not the only attacks available to an off-path attacker
> and that the countermeasures described herein are not a comprehensive
> defense against such attacks.
> 
> In particular, administrators should be aware that forged ICMP messages
> provide off-path attackers the opportunity to disrupt connections or
> degrade service.  Such attacks may be subject to even less scrutiny than
> the TCP attacks addressed here, especially in stacks not tuned for
> hostile environments.  Section 6.1 of RFC4301 describes the issues
> associated with unauthenticated ICMP messages, e.g., messages from an
> off-path attacker, and is a good starting point for formulating a policy
> on those messages.
> 
> In any case, this RFC details only part of a complete strategy to
> prevent off-path attackers from disrupting services that use TCP.
> Administrators and implementors should consider the other attack vectors
> and determine appropriate mitigations in securing their systems.
> 
> 
> ------------------------------------------------------------------------
> 


-- 
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 <or> 815-342-5222 (cell)

_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm
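The proposed text above says that forged ICMP messages from an off-path attacker can tear down or degrade TCP connections, and points at RFC 4301 section 6.1 as a starting point for a policy on unauthenticated ICMP. The following is an added example, not part of this thread, the draft, or any stack's code, showing the shape such a policy check can take on the receiving host: before acting on an ICMP error, parse the embedded IP/TCP header, require that it names an existing connection, and require that the quoted TCP sequence number falls inside that connection's send window (the check later specified in RFC 5927). The connection-table layout and the `classify_icmp_error` function are assumptions of this example; the packet bytes are constructed inline.

```python
import struct
from dataclasses import dataclass


@dataclass
class TcpConn:
    """Minimal per-connection state (assumed shape, not any real stack's)."""
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    snd_una: int  # oldest unacknowledged sequence number
    snd_nxt: int  # next sequence number to send


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_icmp_error(icmp_type: int, code: int, src_ip: str, dst_ip: str,
                     sport: int, dport: int, seq: int) -> bytes:
    """Constructed sample ICMPv4 error: 8-byte ICMP header, the offending
    IPv4 header, and the first 8 bytes of the quoted TCP segment."""
    icmp_hdr = struct.pack("!BBHI", icmp_type, code, 0, 0)  # checksum left 0
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 8, 0, 0, 64, 6, 0,
                         ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    tcp_prefix = struct.pack("!HHI", sport, dport, seq)
    return icmp_hdr + ip_hdr + tcp_prefix


def seq_in_window(seq: int, lo: int, hi: int) -> bool:
    """True if lo <= seq < hi in modular 32-bit sequence space."""
    return ((seq - lo) & 0xFFFFFFFF) < ((hi - lo) & 0xFFFFFFFF)


def classify_icmp_error(pkt: bytes, conns: dict) -> str:
    """Decide whether an inbound ICMP error may be applied to a connection.

    conns maps (local_ip, local_port, remote_ip, remote_port) -> TcpConn.
    Returns "accept" or a "drop: <reason>" string; the caller still decides
    what an accepted error means under its own soft/hard-error policy.
    """
    if len(pkt) < 8 + 20 + 8:
        return "drop: truncated"
    icmp_type = pkt[0]
    if icmp_type not in (3, 11, 12):  # unreachable, time exceeded, param problem
        return "drop: not an error message"
    ihl = (pkt[8] & 0x0F) * 4
    if ihl < 20 or len(pkt) < 8 + ihl + 8:
        return "drop: bad embedded IP header"
    if pkt[8 + 9] != 6:  # embedded protocol field must be TCP
        return "drop: embedded datagram is not TCP"
    # The quoted datagram was sent by us, so its source is our local side.
    src_ip = bytes_to_ip(pkt[8 + 12:8 + 16])
    dst_ip = bytes_to_ip(pkt[8 + 16:8 + 20])
    sport, dport, seq = struct.unpack("!HHI", pkt[8 + ihl:8 + ihl + 8])
    conn = conns.get((src_ip, sport, dst_ip, dport))
    if conn is None:
        return "drop: no matching connection"
    if not seq_in_window(seq, conn.snd_una, conn.snd_nxt):
        # An off-path sender has to guess this value; reject on mismatch.
        return "drop: sequence outside send window"
    return "accept"


# Constructed connection table: one established connection.
CONNS = {
    ("192.0.2.10", 443, "198.51.100.7", 51234):
        TcpConn("192.0.2.10", 443, "198.51.100.7", 51234,
                snd_una=1000, snd_nxt=1000 + 4096),
}


def demo() -> dict:
    """Run the check over three constructed ICMP host-unreachable errors."""
    good = build_icmp_error(3, 1, "192.0.2.10", "198.51.100.7", 443, 51234, 2000)
    bad_seq = build_icmp_error(3, 1, "192.0.2.10", "198.51.100.7", 443, 51234, 999)
    unknown = build_icmp_error(3, 1, "192.0.2.10", "203.0.113.9", 443, 51234, 2000)
    return {
        "in_window": classify_icmp_error(good, CONNS),
        "bad_seq": classify_icmp_error(bad_seq, CONNS),
        "unknown_conn": classify_icmp_error(unknown, CONNS),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The point of the window check is that an off-path sender who can forge the 4-tuple still has to guess a 32-bit sequence number that lands inside the current send window; an accepted error is then fed into whatever soft/hard-error policy the administrator has chosen, which is the part this draft leaves to RFC 4301 and the separate ICMP attacks document.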