Re: [tcpm] TCPM and draft-ietf-tcpm-icmp-attacks

Joe Touch <touch@ISI.EDU> Fri, 19 February 2010 17:37 UTC

Return-Path: <touch@ISI.EDU>
X-Original-To: tcpm@core3.amsl.com
Delivered-To: tcpm@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 95FFB28C1E0; Fri, 19 Feb 2010 09:37:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.491
X-Spam-Level:
X-Spam-Status: No, score=-2.491 tagged_above=-999 required=5 tests=[AWL=0.108, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BsMqAhgIvQWo; Fri, 19 Feb 2010 09:37:49 -0800 (PST)
Received: from nitro.isi.edu (nitro.isi.edu [128.9.208.207]) by core3.amsl.com (Postfix) with ESMTP id A9F1828C1B1; Fri, 19 Feb 2010 09:37:49 -0800 (PST)
Received: from [192.168.1.97] (pool-71-106-88-10.lsanca.dsl-w.verizon.net [71.106.88.10]) (authenticated bits=0) by nitro.isi.edu (8.13.8/8.13.8) with ESMTP id o1JHciWL011274 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Fri, 19 Feb 2010 09:38:45 -0800 (PST)
Message-ID: <4B7ECCA3.5000505@isi.edu>
Date: Fri, 19 Feb 2010 09:38:43 -0800
From: Joe Touch <touch@ISI.EDU>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: Fernando Gont <fernando@gont.com.ar>
References: <20100218175622.61BB028C2E3@core3.amsl.com> <2002D196-D83C-4B44-870C-8E9A94D2D640@nokia.com> <4B7D8B9F.1010608@piuha.net> <4B7D8F55.90406@piuha.net> <4B7D92EB.7010407@isi.edu> <4B7DE6B7.4080209@gont.com.ar>
In-Reply-To: <4B7DE6B7.4080209@gont.com.ar>
X-Enigmail-Version: 0.96.0
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="------------enigB88E664430C81A4315A80713"
X-MailScanner-ID: o1JHciWL011274
X-ISI-4-69-MailScanner: Found to be clean
X-MailScanner-From: touch@isi.edu
Cc: tcpm@ietf.org, iesg@ietf.org
Subject: Re: [tcpm] TCPM and draft-ietf-tcpm-icmp-attacks
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcpm>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Feb 2010 17:37:50 -0000


Fernando Gont wrote:
> Joe Touch wrote:
> 
>>> This would seem to imply that the TCPM WG has decided to deviate from
>>> the old IETF operating principle of "rough consensus and running code".
>> The short answer is that there wasn't rough consensus for these changes
>> in the WG, as explained in the note in the text.
> 
> I believe that the short answer is that *you* have done everything that
> was available to stop this document (and others) from moving forward.

The doc contains many items, some of which continue to be completely
inappropriate and incorrect (checking TCP sequence numbers), where
others are somewhat reasonable (port randomization).

One problem is that we never agreed on exactly what to focus on
recommending, as well as that TCP isn't the only protocol affected by
ICMP issues.

Another problem is that some of the responses may be appropriate when
under attack, but the overall tone of the document is that if a message
is "unexpected" it is malicious. That's the antithesis of "be liberal in
what you accept".

> It is interesting to note that one of the issues with which you have
> trashed this I-D is that it used vocabulary that could be taken as the
> draft "recommending" the described counter-measures. Yet, as the editor
> of the last version of the (close to infamous) TCP A-O effort, you have
> crafted this text:
> 
> "  There are other mechanisms proposed to reduce the impact
>    of ICMP attacks by further validating ICMP contents and changing the
>    effect of some messages based on TCP state"
> 
> Note the use of the term "proposed". (That's specifically what I'm
> referring to).

Yes, please do note it. "proposed" doesn't mean recommended.

The full text is:

   There are other mechanisms proposed to reduce the impact of ICMP
   attacks by further validating ICMP contents and changing the effect
   of some messages based on TCP state, but these do not provide the
   level of authentication for ICMP that TCP-AO provides for TCP [Go09].

It goes on to include SOME of the recommendations in this doc (but
notably not others, even though widely deployed). Note that these latter
changes were included because of *your* input *after* last call.

Joe
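The message above refers to "checking TCP sequence numbers" as one of the counter-measures in the ICMP-attacks draft without spelling out what the check consists of. The following is an added illustration of that mechanism, written for this page; it is not text or code from the draft, from TCP-AO, or from either correspondent, and it takes no position on the consensus dispute. An ICMPv4 error quotes the IP header and the first 8 bytes of the datagram that triggered it, so a TCP endpoint can use the quoted TCP header to locate the connection the error refers to and then require that the quoted sequence number fall within the connection's window of unacknowledged data (SND.UNA <= SEG.SEQ < SND.NXT). An error that fails either check cannot refer to data actually in flight and is recorded and ignored rather than acted upon. The connection state, the verdict strings and the ICMP messages are all constructed here; no real socket or raw-packet API is used.

```python
"""Checking ICMP errors against TCP state (added illustration, constructed data).

A TCP endpoint receiving an ICMPv4 error uses the quoted TCP header to
(1) find the connection the error refers to and (2) check that the quoted
sequence number lies in SND.UNA <= SEG.SEQ < SND.NXT.  Errors failing
either check are ignored instead of applied to the connection.
"""
import struct
from dataclasses import dataclass, field

ICMP_DEST_UNREACH = 3
IPPROTO_TCP = 6


@dataclass
class TcpConnection:
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: int
    snd_una: int            # oldest unacknowledged sequence number
    snd_nxt: int            # next sequence number to be sent
    soft_errors: list = field(default_factory=list)  # accepted ICMP errors


def seq_in_window(seq, snd_una, snd_nxt):
    """True when snd_una <= seq < snd_nxt, using modulo-2^32 arithmetic so
    the comparison survives sequence-number wraparound."""
    return (seq - snd_una) % 2**32 < (snd_nxt - snd_una) % 2**32


def build_icmp_error(icmp_type, icmp_code, src, dst, sport, dport, seq):
    """Construct an ICMPv4 error: 8-byte ICMP header, 20-byte option-less
    IPv4 header of the offending datagram (checksums left zero), then the
    first 8 bytes of its TCP header (ports and sequence number)."""
    ip = bytearray(20)
    ip[0] = 0x45                     # version 4, IHL 5 (20 bytes)
    ip[9] = IPPROTO_TCP
    ip[12:16] = bytes(int(o) for o in src.split("."))
    ip[16:20] = bytes(int(o) for o in dst.split("."))
    tcp = struct.pack("!HHI", sport, dport, seq)
    return bytes([icmp_type, icmp_code, 0, 0, 0, 0, 0, 0]) + bytes(ip) + tcp


def parse_icmp_error(icmp):
    """Extract type/code, quoted addresses, protocol, ports and SEQ from an
    ICMPv4 error.  Raises ValueError on truncated or option-bearing input."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("ICMP error too short to quote a TCP header")
    ip = icmp[8:28]
    if (ip[0] >> 4) != 4 or (ip[0] & 0x0F) != 5:
        raise ValueError("only option-less IPv4 is handled in this example")
    sport, dport, seq = struct.unpack("!HHI", icmp[28:36])
    return {
        "type": icmp[0], "code": icmp[1], "proto": ip[9],
        "src": ".".join(str(b) for b in ip[12:16]),
        "dst": ".".join(str(b) for b in ip[16:20]),
        "sport": sport, "dport": dport, "seq": seq,
    }


def handle_icmp_error(connections, icmp):
    """Decide whether an ICMP error should be applied to a TCP connection.
    The quoted datagram was sent by this host, so its source is our local
    address/port and its destination is the peer.  Returns a short verdict."""
    err = parse_icmp_error(icmp)
    if err["proto"] != IPPROTO_TCP:
        return "not-tcp"
    key = (err["src"], err["sport"], err["dst"], err["dport"])
    conn = connections.get(key)
    if conn is None:
        return "no-matching-connection"
    if not seq_in_window(err["seq"], conn.snd_una, conn.snd_nxt):
        return "seq-out-of-window"          # cannot refer to data in flight
    conn.soft_errors.append((err["type"], err["code"]))
    return "accepted"


def demo():
    """Run constructed ICMP errors against one constructed connection."""
    conn = TcpConnection("192.0.2.10", 40000, "198.51.100.5", 80,
                         snd_una=1000, snd_nxt=1500)
    table = {(conn.local_addr, conn.local_port,
              conn.remote_addr, conn.remote_port): conn}

    def mk(sport, seq):  # Destination Unreachable / fragmentation needed
        return build_icmp_error(ICMP_DEST_UNREACH, 4, conn.local_addr,
                                conn.remote_addr, sport, conn.remote_port, seq)

    return {
        "in_window":   handle_icmp_error(table, mk(40000, 1200)),
        "stale_seq":   handle_icmp_error(table, mk(40000, 5000)),
        "wrong_port":  handle_icmp_error(table, mk(40001, 1200)),
        "errors_kept": len(conn.soft_errors),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The window check is what gives the counter-measure its effect: a sender that is on the path already sees the live sequence numbers and passes it, while one that is not has to match a 32-bit value within a window a few kilobytes wide. That is also the root of the disagreement recorded above, since the same check discards legitimate errors whose quoted segment has already been acknowledged by the time the error arrives.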