IETF Logo Mail Archive

Re: [tcpm] ICMP attacks draft (issue 1): hard errors -> soft errors (in synchronized states)

Fernando Gont <fernando@gont.com.ar> Tue, 27 September 2005 06:22 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EK8qm-0005u4-2u; Tue, 27 Sep 2005 02:22:00 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EK8qj-0005tn-TC for tcpm@megatron.ietf.org; Tue, 27 Sep 2005 02:21:58 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA16867 for <tcpm@ietf.org>; Tue, 27 Sep 2005 02:21:56 -0400 (EDT)
Received: from server.frh.utn.edu.ar ([170.210.17.146] ident=qmailr) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EK8xg-0002aW-FX for tcpm@ietf.org; Tue, 27 Sep 2005 02:29:23 -0400
Received: (qmail 24156 invoked from network); 27 Sep 2005 06:20:56 -0000
Received: from unknown (HELO fgont.gont.com.ar) (gont-fernando@200.70.146.149) by server.frh.utn.edu.ar with SMTP; 27 Sep 2005 06:20:56 -0000
Message-Id: <6.2.0.14.0.20050927015438.07c2a418@pop.frh.utn.edu.ar>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.0.14
Date: Tue, 27 Sep 2005 02:09:48 -0300
To: Ted Faber <faber@ISI.EDU>
From: Fernando Gont <fernando@gont.com.ar>
Subject: Re: [tcpm] ICMP attacks draft (issue 1): hard errors -> soft errors (in synchronized states)
In-Reply-To: <20050923165017.GD10959@pun.isi.edu>
References: <6.2.0.14.0.20050923075214.0428faa8@pop.frh.utn.edu.ar> <433411E2.3020005@isi.edu> <6.2.0.14.0.20050923125332.04320008@pop.frh.utn.edu.ar> <20050923165017.GD10959@pun.isi.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 69a74e02bbee44ab4f8eafdbcedd94a1
Cc: tcpm@ietf.org, Joe Touch <touch@ISI.EDU>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

At 01:50 p.m. 23/09/2005, Ted Faber wrote:

>The point is that for whatever reason, all the host can do is send a
>Protocol Not Supported ICMP, because the TCP stack will not be reached
>(the postulate is that the host has stopped speaking either TCP or
>IPv4).  Because the packet can't get to the TCP stack (which may not be
>running at all), the host can't generate an RST.
>
>Of course, if no ICMP is generated or gets through, the ESTABLISHED TCP
>will eventually have a UTO and abort the connection.
>
>Yes, this is a pretty bizarre case, but it is a valid hard error in an
>ESTABLISHED state, and one where aborting the connection is the most
>sensible thing to do.

So we would keep connections vulnerable to reset attacks for that 1 in 
1000000th chance in which this scenario might take place?
(And, btw, in the event that happened, why would ignoring the ICMP message 
hurt you? For instance, the proposed policy does not prevent the 
application layer from being notified of the received ICMP error message! 
So this means you still let the application shoot itself, if it wants to! :-) )

Also, if there's consensus on the side of "not doing anything about this", 
then my next question/comment would be "Does it make sense to modify TCP's 
state transition diagram (as we currently are) to address TCP-based reset 
attacks, then? An attacker will use ICMP-based ones, because they are much 
easier to perform!"

Kindest regards,

--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org






_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email