IETF Logo Mail Archive

Re: [tcpm] ICMP attacks draft

Joe Touch <touch@ISI.EDU> Tue, 18 July 2006 23:54 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1G2zO5-0005q5-HJ; Tue, 18 Jul 2006 19:54:01 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1G2zO3-0005q0-V9 for tcpm@ietf.org; Tue, 18 Jul 2006 19:53:59 -0400
Received: from vapor.isi.edu ([128.9.64.64]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1G2zO1-0002H1-H6 for tcpm@ietf.org; Tue, 18 Jul 2006 19:53:59 -0400
Received: from [128.9.168.63] (bet.isi.edu [128.9.168.63]) by vapor.isi.edu (8.11.6p2+0917/8.11.2) with ESMTP id k6INqdH02739; Tue, 18 Jul 2006 16:52:39 -0700 (PDT)
Message-ID: <44BD7441.9050206@isi.edu>
Date: Tue, 18 Jul 2006 16:52:33 -0700
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 1.5.0.4 (Windows/20060516)
MIME-Version: 1.0
To: Fernando Gont <fernando@gont.com.ar>
Subject: Re: [tcpm] ICMP attacks draft
References: <0C53DCFB700D144284A584F54711EC5801D9592B@xmb-sjc-21c.amer.cisco.com> <7.0.1.0.0.20060715153423.08601b58@gont.com.ar> <44BB1882.6030904@isi.edu> <7.0.1.0.0.20060717052818.064b28b8@gont.com.ar> <44BCE4FA.1050602@isi.edu> <7.0.1.0.0.20060718160252.066880d8@gont.com.ar> <44BD514C.2090704@isi.edu> <7.0.1.0.0.20060718192327.0427b290@gont.com.ar>
In-Reply-To: <7.0.1.0.0.20060718192327.0427b290@gont.com.ar>
X-Enigmail-Version: 0.94.0.0
X-ISI-4-43-8-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 3a4bc66230659131057bb68ed51598f8
Cc: tcpm@ietf.org, "Anantha Ramaiah (ananth)" <ananth@cisco.com>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1956249897=="
Errors-To: tcpm-bounces@ietf.org


Fernando Gont wrote:
> At 18:23 18/07/2006, Joe Touch wrote:
> 
> [(was Re: [tcpm] feedcback on tcp-secure-05)]
> 
>> > So, would you agree with the draft mentioning the ambiguity, and, as in
>> > the case of the other ICMP error codes, stating why it would make sense
>> > to treat them as soft errors, instead? (The "SHOULD" allows for that,
>> > after all).
>>
>> The specific reason and conditions for the SHOULD *must* (my must) be
>> addressed, IMO (presumably "connect established" at least, or making
>> forward progress at most - with caveats about change of behavior - for
>> better or worse - in certain multipath scenarios as already raised).
> 
> Okay.
> 
> So,
> 
> * The condition for all the so-called hard errors to be treated as soft
> errors is that the conenction must be in any of the synchronized states.
> * The reason for not honoring the SHOULD is that in hostile
> environments, its an attack vector that is easier to perform than
> others. (I will note the ambiguity in the case of port unreachables)
> * The good thing of the change is that it mitigates the above threat,
> and also improves TCP's robustness in the case of multipath scenarios.

I agree with these. It would also be useful to add - to the last one -
that this *changes* how TCP would behave in multipath scenarios and/or
path changes, which *may* make TCP less likely to _correctly_ rapidly
disconnect from a session when a routing change occurs that disconnects
endpoints.

(i.e., there are cases that this might not be the best choice; trading
robustness for reactiveness to failure is typical, but not always the
only choice).

Joe


> 
> Let me know if you agree with these and/or if I missed anything.
> 
> 
> 
>> > This assumes that:
>> > a) The system in question does not honor the "recommendation" in the
>> > ICMP attacks draft
>>
>> You're making recommendations about what the TCP should do regarding the
>> errors; that's not the same as what the application on top of TCP
>> would do.
> 
> I think this would be out of the scope of the document?
> 
> 
>> > b) ICMP error messages are passed to the application. In the Sockets
>> > API, they are passed only after a USER TIMEOUT.
>>
>> I don't recall anything in 1122 about how quickly soft errors must be
>> passed to the app, but they MUST be passed to the app. This implies that
>> soft errors aren't passed if a user timeout doesn't occur, which seems
>> like another violation that should be noted.
> 
> This seems out of scope, too.  We are not doing anything new wrt to
> whether TCP should handle ICMP errors to applications or not.
> 
> Kindest regards,
> 
> -- 
> Fernando Gont
> e-mail: fernando@gont.com.ar || fgont@acm.org
> PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
> 
> 
> 
> 
> 
> 
> _______________________________________________
> tcpm mailing list
> tcpm@ietf.org
> https://www1.ietf.org/mailman/listinfo/tcpm


_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email