Subject: Re: ICMP attacks against TCP
To: Jonathan Stone <jonathan@dsg.stanford.edu>
From: Fernando Gont <fernando@gont.com.ar>
List: tech-security
Date: 12/11/2004 02:42:39
At 15:09 09/12/2004 -0800, Jonathan Stone wrote:
> >You can get the latest version of the draft from:
> >http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
>
>If you really want constructive criticism, I think you'd be much
>better off not spamming anyone who goes to that URL with popup ads.
BTW, the draft has already shown up in the internet-drafts directory. You
can get it from
http://www.ietf.org/internet-drafts/draft-gont-tcpm-icmp-attacks-02.txt .
Also, I have moved my site to a new server, so you can now visit
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html without any
ads, etc.
BTW, here's an errata for the draft:
Section 6.2.1 says:
ICMP type 3 (Destination Unreachable), code 2 (protocol unreachable)
For ICMP messages of type 3 (Destination Unreachable) code 2
(protocol unreachable), specifically, the Host Requirements RFC
states that even those transport protocols that have their own
mechanisms to indicate that a port is unreachable MUST accept
these ICMP error messages for the same purpose. That is, they
MUST abort the corresponding connection when an ICMP port
unreachable message is received.
This ICMP error message indicates that the host sending the ICMP
error message received a packet meant for a transport protocol it
does not support. For connection-oriented protocols such as TCP,
one could expect to receive such an error as the result of a
connection establishment attempt. However, it would be strange to
get such an error during the life of a connection, as this would
indicate that support for that transport protocol has been removed
from the host sending the error message during the life of the
corresponding connection. Thus, it would be fair to treat ICMP
protocol unreachable error messages as soft errors (or completely
ignore them) if they are meant for connections that are in
synchronized states. For TCP, this means one would treat ICMP
port unreachable error messages as soft errors (or completely
ignore them) if they are meant for connections that are in the
ESTABLISHED, FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK
or TIME-WAIT states.
It should say:
ICMP type 3 (Destination Unreachable), code 2 (protocol unreachable)
This ICMP error message indicates that the host sending the ICMP
error message received a packet meant for a transport protocol it
does not support. For connection-oriented protocols such as TCP,
one could expect to receive such an error as the result of a
connection-establishment attempt. However, it would be strange to
get such an error during the life of a connection, as this would
indicate that support for that transport protocol has been removed
from the host sending the error message during the life of the
corresponding connection. Thus, it would be fair to treat ICMP
protocol unreachable error messages as soft errors (or completely
ignore them) if they are meant for connections that are in
synchronized states. For TCP, this means one would treat ICMP
protocol unreachable error messages as soft errors (or completely
ignore them) if they are meant for connections that are in the
ESTABLISHED, FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK
or TIME-WAIT states.
Kind regards,
--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org