Re: [tcpm] ICMP attacks draft (issue 1): hard errors -> soft errors (in synchronized states)

Joe Touch <touch@ISI.EDU> Fri, 23 September 2005 14:33 UTC

Fernando Gont wrote:
> Folks
> 
> I will separate the discussion into different issues, so that it is
> easier to get consensus on the different parts of the draft.
> 
> Issue 1 is: When a so-called ICMP "hard error" is received for a
> connection in any of the synchronized states (ESTABLISHED and so on),
> treat the error message as a soft error (i.e., do NOT abort the
> corresponding connection).

WHY? Such an error could occur due to a reboot. It is legitimate operation.

> This improves TCP's robustness. In the event the error condition does
> not disappear in the near term, the connection will time out, anyway.

Now I'm confused. If a node were to have IPv4 and reboot with IPv6, you
want it to time out. But your other draft wants to kill the TCP attempt
to connect *immediately* so you can retry.

So which is it? Is restarting TCP connections important or not?

IMO, there is no reason to change TCP's behavior here, and it's
sufficient to leave it alone.

---

The whole tone of this doc is that there are attacks that need to be
dealt with; it ignores cases where such messages are sent legitimately.

Joe
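
The trade-off argued in this message, as an added example that is not part of either message or of the draft: a simplified Python model comparing the existing handling of ICMP hard errors with the issue 1 proposal (hard errors treated as soft in synchronized states). The hard/soft code split follows RFC 1122; the class and function names, the retransmission limit and the two event traces are constructed for illustration.

```python
# RFC 1122 sec. 4.2.3.9: Destination Unreachable codes 2-4 are hard errors,
# codes 0, 1 and 5 are soft errors.
HARD_CODES = {2, 3, 4}
# Synchronized states per RFC 793 (everything after the handshake completes).
SYNCHRONIZED = {"ESTABLISHED", "FIN-WAIT-1", "FIN-WAIT-2", "CLOSE-WAIT",
                "CLOSING", "LAST-ACK", "TIME-WAIT"}
MAX_RETRANSMITS = 5  # constructed limit; real stacks use a time-based bound

class Connection:
    def __init__(self, state, hard_as_soft):
        self.state = state
        self.hard_as_soft = hard_as_soft  # True = policy proposed as issue 1
        self.soft_error = None            # last ICMP code remembered, if any
        self.retransmits, self.reason = 0, None

    def on_icmp_unreachable(self, code):
        hard = code in HARD_CODES
        if hard and self.hard_as_soft and self.state in SYNCHRONIZED:
            hard = False                  # demote: do NOT abort the connection
        if hard:
            self.state, self.reason = "CLOSED", f"aborted by ICMP code {code}"
        else:
            self.soft_error = code        # reported only if we later time out

    def on_retransmit_timeout(self):
        self.retransmits += 1
        if self.retransmits > MAX_RETRANSMITS:
            self.state = "CLOSED"
            self.reason = f"timed out (last ICMP code {self.soft_error})"

    def on_ack(self):                     # peer answered: condition cleared
        self.retransmits, self.soft_error = 0, None

def simulate(state, hard_as_soft, events):
    """Return (final state, close reason, number of events consumed)."""
    conn = Connection(state, hard_as_soft)
    handlers = {"icmp": conn.on_icmp_unreachable,
                "rto": lambda _: conn.on_retransmit_timeout(),
                "ack": lambda _: conn.on_ack()}
    for step, (kind, arg) in enumerate(events, 1):
        handlers[kind](arg)
        if conn.state == "CLOSED":
            return conn.state, conn.reason, step
    return conn.state, conn.reason, len(events)

# Constructed event traces: the error clears vs. the error persists.
TRANSIENT = [("icmp", 3), ("rto", None), ("ack", None)]
PERSISTENT = [("icmp", 3), ("rto", None)] * (MAX_RETRANSMITS + 1)
```

Calling `simulate("ESTABLISHED", policy, trace)` with `policy` set to `False` and then `True` shows both sides of the thread: with the proposal a connection survives an error that clears, while a persistent condition such as a rebooted peer is only detected after the full retransmission timeout instead of at the first ICMP message.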