[tcpm] ICMP attacks draft (issue 3): TCP SEQ check
Fernando Gont <fernando@gont.com.ar> Fri, 23 September 2005 11:20 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EIlbE-0005Y4-5E; Fri, 23 Sep 2005 07:20:16 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EIlbA-0005SW-7v for tcpm@megatron.ietf.org; Fri, 23 Sep 2005 07:20:13 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA08333 for <tcpm@ietf.org>; Fri, 23 Sep 2005 07:20:11 -0400 (EDT)
Received: from server.frh.utn.edu.ar ([170.210.17.146] ident=qmailr) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EIlhX-0003Ts-5R for tcpm@ietf.org; Fri, 23 Sep 2005 07:26:50 -0400
Received: (qmail 25342 invoked from network); 23 Sep 2005 11:19:20 -0000
Received: from unknown (HELO fgont.gont.com.ar) (gont-fernando@200.70.176.40) by server.frh.utn.edu.ar with SMTP; 23 Sep 2005 11:19:20 -0000
Message-Id: <6.2.0.14.0.20050923080242.0461d4a8@pop.frh.utn.edu.ar>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.0.14
Date: Fri, 23 Sep 2005 08:08:03 -0300
To: tcpm@ietf.org
From: Fernando Gont <fernando@gont.com.ar>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 2.9 (++)
X-Scan-Signature: 52e1467c2184c31006318542db5614d5
Subject: [tcpm] ICMP attacks draft (issue 3): TCP SEQ check
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org
Folks, Issue 3: The draft proposes to check the TCP sequence number contained in the payload of the ICMP messages. The idea is that errors should be caused by segments that have been sent, but not yet acknowledged. This is a general check, which check for the staleness of the error messages. We are performing the same check for TCP segments, so why not perform the same check for errors that are supposed to have been elicited by the connection? If an error message does not pass tis check, it means that either the error is old (and thus it's okay to discard it), or that there's still a path to get to the destination system (and thus, for the sake of TCP's robustness, we should not honor the error message). Even then, ICMP is unreliable. Dropping a legitimate ICMP error message can't hurt you, anyway. Comments? Linux has been performing this check for years. OpenBSD has been performing this check for more than a year. FreeBSD and NetBSD have been performing this check for several months now. Kindest regards, -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@acm.org _______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] ICMP attacks draft (issue 3): TCP SEQ check Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 3): TCP SEQ … Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 3): TCP SEQ … Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 3): TCP SEQ … Joe Touch