Re: [tcpm] ICMP attacks draft (issue 1): hard errors -> soft errors (in synchronized states)
Fernando Gont <fernando@gont.com.ar> Tue, 27 September 2005 14:15 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EKGFO-00039X-7y; Tue, 27 Sep 2005 10:15:54 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EKGFM-00038k-Aw for tcpm@megatron.ietf.org; Tue, 27 Sep 2005 10:15:52 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA11129 for <tcpm@ietf.org>; Tue, 27 Sep 2005 10:15:50 -0400 (EDT)
Received: from server.frh.utn.edu.ar ([170.210.17.146] ident=qmailr) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EKGMa-0006Xy-B8 for tcpm@ietf.org; Tue, 27 Sep 2005 10:23:22 -0400
Received: (qmail 29737 invoked from network); 27 Sep 2005 14:15:06 -0000
Received: from 200-70-144-105.mrse.com.ar (HELO fgont.gont.com.ar) (gont-fernando@200.70.144.105) by server.frh.utn.edu.ar with SMTP; 27 Sep 2005 14:15:06 -0000
Message-Id: <6.2.0.14.0.20050927110513.04010528@pop.frh.utn.edu.ar>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.0.14
Date: Tue, 27 Sep 2005 11:13:06 -0300
To: Ted Faber <faber@ISI.EDU>
From: Fernando Gont <fernando@gont.com.ar>
Subject: Re: [tcpm] ICMP attacks draft (issue 1): hard errors -> soft errors (in synchronized states)
In-Reply-To: <20050923165017.GD10959@pun.isi.edu>
References: <6.2.0.14.0.20050923075214.0428faa8@pop.frh.utn.edu.ar> <433411E2.3020005@isi.edu> <6.2.0.14.0.20050923125332.04320008@pop.frh.utn.edu.ar> <20050923165017.GD10959@pun.isi.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 3.5 (+++)
X-Scan-Signature: 69a74e02bbee44ab4f8eafdbcedd94a1
Cc: tcpm@ietf.org, Joe Touch <touch@ISI.EDU>
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
Sender: tcpm-bounces@ietf.org
Errors-To: tcpm-bounces@ietf.org
At 01:50 p.m. 23/09/2005, you wrote: >Imagine a host that speaks IPv4 and TCP. You connect to it. The host >goes down and reboots (fairly quickly), but it's flag day, and the host >now no longer supports IPv4 at all, or no longer supports TCP at all. [....] >The point is that for whatever reason, all the host can do is send a >Protocol Not Supported ICMP, because the TCP stack will not be reached >(the postulate is that the host has stopped speaking either TCP or >IPv4). Because the packet can't get to the TCP stack (which may not be >running at all), the host can't generate an RST. Imagine that your connection is operating over a long fat pipe (large bandwidth delay product), and assume you are implementing RFC1323 for PAWS. The ICMP message may contain just the first 64 bits of the original IP datagram that elicited the error (i.e., no timestamps). You might end-up aborting a connection in response to an error message caused by an old segment. Just another scenario in which the same mechanism/feature protects you both from incidental (stale error message, in this case) and intentional (as in the ICMP-based reset attack). So my take is that aborting the connection could probably be not the most sensible thing to do in this case, either. Kindest regards, -- Fernando Gont e-mail: fernando@gont.com.ar || fgont@acm.org _______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] ICMP attacks draft (issue 1): hard errors … Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Lloyd Wood
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Jakob Heitz
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Fernando Gont
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Lloyd Wood
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Ted Faber
- Re: [tcpm] ICMP attacks draft (issue 1): hard err… Joe Touch
- tcpm-antispoof and TCP's weakness [Re: [tcpm] ICM… Pekka Savola
- Re: tcpm-antispoof and TCP's weakness [Re: [tcpm]… Joe Touch
- Re: tcpm-antispoof and TCP's weakness [Re: [tcpm]… Pekka Savola