[tcpm] AD review: draft-ietf-tcpm-syn-flood-02
Lars Eggert <lars.eggert@nokia.com> Wed, 28 March 2007 08:15 UTC
In-Reply-To: <20070327212827.GE26658@hut.isi.edu>
References: <20070327212827.GE26658@hut.isi.edu>
Message-Id: <CF58182A-5AA6-442C-B43D-D51F67DE7867@nokia.com>
From: Lars Eggert <lars.eggert@nokia.com>
Date: Wed, 28 Mar 2007 11:14:32 +0300
To: tcpm@ietf.org
Cc: tcpm-chairs@tools.ietf.org, Wesley Eddy <weddy@grc.nasa.gov>
Subject: [tcpm] AD review: draft-ietf-tcpm-syn-flood-02

Summary: Basically good to go.

--- COMMENTS ------------------------------------------------

INTRODUCTION, paragraph 13:
> This document archives explanations of the attack and
> common defense techniques for the benefit of TCP implementers and
> administrators of TCP servers or networks.

  Suggest to add "but does not make any standards-level recommendations."

Section 2.1., paragraph 4:
> Some of these techniques have
> become important pieces of the TCP implementations in certain
> operating systems, although some significantly diverge from the TCP
> specification and have not yet been standardized or sanctioned by the
> IETF process.

  s/and have not yet been/and none of these techniques have been/

Section 2.2., paragraph 6:
> The goal is to send
> a quick barrage of SYN segments from spoofed IP addresses that will

  "from spoofed IP addresses" - not necessarily spoofed; think botnets
  (you discuss this below)

Section 4., paragraph 0:
> 4. Analysis

  Part of this section discusses history - move those parts into
  Section 2.1?

--- NITS ---------------------------------------------------

Section 2.2., paragraph 15:
> network. The attack also attepts to prevent only the establishment

  Nit: s/attepts/attempts/

Section 2.2., paragraph 17:
> case, each host utilized in the attack would have to supress its

  Nit: s/supress/suppress/

Section 3.2., paragraph 1:
> An obvious attempt at defense is for end hosts to use a larger

  Nit: s/at defense/at a defense/

Section 3.4., paragraph 3:
> Measurments at one site's border router [All07] logged 2,545,785 SYN

  Nit: s/Measurments/Measurements/

Section 3.5., paragraph 3:
> attack, or via adminstrative action.

  Nit: s/adminstrative/administrative/

Section 7.0, paragraph 0:
> way that it is from the sequence number / acknowledgedment in a basic

  Nit: s/acknowledgedment/acknowledgment/

Section 7.0, paragraph 1:
> compromises inherrent in SYN cookies is unique to the FreeBSD

  Nit: s/inherrent/inherent/

Section 7.0, paragraph 4:
> the passive side side's application-layer never is notified of the

  Nit: s/side side's/side's/

Appendix A., paragraph 2:
> number, MSS, a time counter, and the relevent addresses and port

  Nit: s/relevent/relevant/