IETF Logo Mail Archive

Re: [tcpm] ICMP attacks draft (issue 1): hard errors -> soft errors (in synchronized states)

Fernando Gont <fernando@gont.com.ar> Tue, 27 September 2005 14:15 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EKGFO-00039X-7y; Tue, 27 Sep 2005 10:15:54 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EKGFM-00038k-Aw for tcpm@megatron.ietf.org; Tue, 27 Sep 2005 10:15:52 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA11129 for <tcpm@ietf.org>; Tue, 27 Sep 2005 10:15:50 -0400 (EDT)
Received: from server.frh.utn.edu.ar ([170.210.17.146] ident=qmailr) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EKGMa-0006Xy-B8 for tcpm@ietf.org; Tue, 27 Sep 2005 10:23:22 -0400
Received: (qmail 29737 invoked from network); 27 Sep 2005 14:15:06 -0000
Received: from 200-70-144-105.mrse.com.ar (HELO fgont.gont.com.ar) (gont-fernando@200.70.144.105) by server.frh.utn.edu.ar with SMTP; 27 Sep 2005 14:15:06 -0000
Message-Id: <6.2.0.14.0.20050927110513.04010528@pop.frh.utn.edu.ar>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.0.14
Date: Tue, 27 Sep 2005 11:13:06 -0300
To: Ted Faber <faber@ISI.EDU>
From: Fernando Gont <fernando@gont.com.ar>
Subject: Re: [tcpm] ICMP attacks draft (issue 1): hard errors -> soft errors (in synchronized states)
In-Reply-To: <20050923165017.GD10959@pun.isi.edu>
References: <6.2.0.14.0.20050923075214.0428faa8@pop.frh.utn.edu.ar> <433411E2.3020005@isi.edu> <6.2.0.14.0.20050923125332.04320008@pop.frh.utn.edu.ar> <20050923165017.GD10959@pun.isi.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 3.5 (+++)
X-Scan-Signature: 69a74e02bbee44ab4f8eafdbcedd94a1
Cc: tcpm@ietf.org, Joe Touch <touch@ISI.EDU>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org

At 01:50 p.m. 23/09/2005, you wrote:

>Imagine a host that speaks IPv4 and TCP.  You connect to it.  The host
>goes down and reboots (fairly quickly), but it's flag day, and the host
>now no longer supports IPv4 at all, or no longer supports TCP at all.
[....]
>The point is that for whatever reason, all the host can do is send a
>Protocol Not Supported ICMP, because the TCP stack will not be reached
>(the postulate is that the host has stopped speaking either TCP or
>IPv4).  Because the packet can't get to the TCP stack (which may not be
>running at all), the host can't generate an RST.

Imagine that your connection is operating over a long fat pipe (large 
bandwidth delay product), and assume you are implementing RFC1323 for PAWS.

The ICMP message may contain just the first 64 bits of the original IP 
datagram that elicited the error (i.e., no timestamps).

You might end-up aborting a connection in response to an error message 
caused by an old segment.

Just another scenario in which the same mechanism/feature protects you both 
from incidental (stale error message, in this case) and intentional (as in 
the ICMP-based reset attack).

So my take is that aborting the connection could probably be not the most 
sensible thing to do in this case, either.

Kindest regards,

--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org






_______________________________________________
tcpm mailing list
tcpm@ietf.org
https://www1.ietf.org/mailman/listinfo/tcpm

v2.23.0 | Report a Bug | By Email