draft-ietf-tcpm-icmp-attacks-04.txt   draft-ietf-tcpm-icmp-attacks-05.txt 
TCP Maintenance and Minor F. Gont TCP Maintenance and Minor F. Gont
Extensions (tcpm) UTN/FRH Extensions (tcpm) UTN/FRH
Intended status: Informational Intended status: Informational
Expires: April 30, 2009 Expires: December 6, 2009
ICMP attacks against TCP ICMP attacks against TCP
draft-ietf-tcpm-icmp-attacks-04.txt draft-ietf-tcpm-icmp-attacks-05.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any This Internet-Draft is submitted to IETF in full conformance with the
applicable patent or other IPR claims of which he or she is aware provisions of BCP 78 and BCP 79.
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 30, 2009. This Internet-Draft will expire on December 6, 2009.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Abstract Abstract
This document discusses the use of the Internet Control Message This document discusses the use of the Internet Control Message
Protocol (ICMP) to perform a variety of attacks against the Protocol (ICMP) to perform a variety of attacks against the
Transmission Control Protocol (TCP) and other similar protocols. Transmission Control Protocol (TCP) and other similar protocols.
Additionally, describes a number of widely implemented modifications Additionally, describes a number of widely implemented modifications
to TCP's handling of ICMP error messages that help to mitigate these to TCP's handling of ICMP error messages that help to mitigate these
issues. issues.
skipping to change at page 2, line 48 skipping to change at page 3, line 5
8. Security Considerations . . . . . . . . . . . . . . . . . . . 28 8. Security Considerations . . . . . . . . . . . . . . . . . . . 28
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 28 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 28
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 29 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 29
10.1. Normative References . . . . . . . . . . . . . . . . . . . 29 10.1. Normative References . . . . . . . . . . . . . . . . . . . 29
10.2. Informative References . . . . . . . . . . . . . . . . . . 29 10.2. Informative References . . . . . . . . . . . . . . . . . . 29
Appendix A. An analysis of ICMP hard errors . . . . . . . . . . . 32 Appendix A. An analysis of ICMP hard errors . . . . . . . . . . . 32
Appendix B. Advice and guidance to vendors . . . . . . . . . . . 33 Appendix B. Advice and guidance to vendors . . . . . . . . . . . 33
Appendix C. Changes from previous versions of the draft (to Appendix C. Changes from previous versions of the draft (to
be removed by the RFC Editor before publishing be removed by the RFC Editor before publishing
this document as an RFC) . . . . . . . . . . . . . . 33 this document as an RFC) . . . . . . . . . . . . . . 33
C.1. Changes from draft-ietf-tcpm-icmp-attacks-03 . . . . . . . 33 C.1. Changes from draft-ietf-tcpm-icmp-attacks-04 . . . . . . . 33
C.2. Changes from draft-ietf-tcpm-icmp-attacks-02 . . . . . . . 34 C.2. Changes from draft-ietf-tcpm-icmp-attacks-03 . . . . . . . 34
C.3. Changes from draft-ietf-tcpm-icmp-attacks-01 . . . . . . . 34 C.3. Changes from draft-ietf-tcpm-icmp-attacks-02 . . . . . . . 34
C.4. Changes from draft-ietf-tcpm-icmp-attacks-00 . . . . . . . 34 C.4. Changes from draft-ietf-tcpm-icmp-attacks-01 . . . . . . . 34
C.5. Changes from draft-gont-tcpm-icmp-attacks-05 . . . . . . . 35 C.5. Changes from draft-ietf-tcpm-icmp-attacks-00 . . . . . . . 34
C.6. Changes from draft-gont-tcpm-icmp-attacks-04 . . . . . . . 35 C.6. Changes from draft-gont-tcpm-icmp-attacks-05 . . . . . . . 35
C.7. Changes from draft-gont-tcpm-icmp-attacks-03 . . . . . . . 35 C.7. Changes from draft-gont-tcpm-icmp-attacks-04 . . . . . . . 35
C.8. Changes from draft-gont-tcpm-icmp-attacks-02 . . . . . . . 36 C.8. Changes from draft-gont-tcpm-icmp-attacks-03 . . . . . . . 35
C.9. Changes from draft-gont-tcpm-icmp-attacks-01 . . . . . . . 36 C.9. Changes from draft-gont-tcpm-icmp-attacks-02 . . . . . . . 36
C.10. Changes from draft-gont-tcpm-icmp-attacks-00 . . . . . . . 36 C.10. Changes from draft-gont-tcpm-icmp-attacks-01 . . . . . . . 36
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 36 C.11. Changes from draft-gont-tcpm-icmp-attacks-00 . . . . . . . 36
Intellectual Property and Copyright Statements . . . . . . . . . . 38 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 37
1. Introduction 1. Introduction
ICMP [RFC0792] is a fundamental part of the TCP/IP protocol suite, ICMP [RFC0792] is a fundamental part of the TCP/IP protocol suite,
and is used mainly for reporting network error conditions. However, and is used mainly for reporting network error conditions. However,
the current specifications do not recommend any kind of validation the current specifications do not recommend any kind of validation
checks on the received ICMP error messages, thus allowing variety of checks on the received ICMP error messages, thus allowing variety of
attacks against TCP [RFC0793] by means of ICMP, which include blind attacks against TCP [RFC0793] by means of ICMP, which include blind
connection-reset, blind throughput-reduction, and blind performance- connection-reset, blind throughput-reduction, and blind performance-
degrading attacks. All of these attacks can be performed even being degrading attacks. All of these attacks can be performed even being
skipping to change at page 29, line 51 skipping to change at page 29, line 51
10.2. Informative References 10.2. Informative References
[DClark] Clark, D., "The Design Philosophy of the DARPA Internet [DClark] Clark, D., "The Design Philosophy of the DARPA Internet
Protocols", Computer Communication Review Vol. 18, No. 4, Protocols", Computer Communication Review Vol. 18, No. 4,
1988. 1988.
[FreeBSD] The FreeBSD Project, "http://www.freebsd.org". [FreeBSD] The FreeBSD Project, "http://www.freebsd.org".
[I-D.ietf-tcpm-tcp-soft-errors] [I-D.ietf-tcpm-tcp-soft-errors]
Gont, F., "TCP's Reaction to Soft Errors", Gont, F., "TCP's Reaction to Soft Errors",
draft-ietf-tcpm-tcp-soft-errors-08 (work in progress), draft-ietf-tcpm-tcp-soft-errors-09 (work in progress),
April 2008. November 2008.
[I-D.ietf-tcpm-tcpsecure] [I-D.ietf-tcpm-tcpsecure]
Ramaiah, A., Stewart, R., and M. Dalal, "Improving TCP's Ramaiah, A., Stewart, R., and M. Dalal, "Improving TCP's
Robustness to Blind In-Window Attacks", Robustness to Blind In-Window Attacks",
draft-ietf-tcpm-tcpsecure-10 (work in progress), draft-ietf-tcpm-tcpsecure-11 (work in progress),
July 2008. November 2008.
[I-D.ietf-tsvwg-port-randomization] [I-D.ietf-tsvwg-port-randomization]
Larsen, M. and F. Gont, "Port Randomization", Larsen, M. and F. Gont, "Port Randomization",
draft-ietf-tsvwg-port-randomization-02 (work in progress), draft-ietf-tsvwg-port-randomization-03 (work in progress),
August 2008. March 2009.
[ICMP-Filtering] [ICMP-Filtering]
Gont, F., "Filtering of ICMP error messages", http:// Gont, F., "Filtering of ICMP error messages", http://
www.gont.com.ar/papers/ www.gont.com.ar/papers/
filtering-of-icmp-error-messages.pdf. filtering-of-icmp-error-messages.pdf.
[IP-filtering] [IP-filtering]
NISCC, "NISCC Technical Note 01/2006: Egress and Ingress NISCC, "NISCC Technical Note 01/2006: Egress and Ingress
Filtering", http://www.niscc.gov.uk/niscc/docs/ Filtering", http://www.niscc.gov.uk/niscc/docs/
re-20060420-00294.pdf?lang=en, 2006. re-20060420-00294.pdf?lang=en, 2006.
skipping to change at page 33, line 46 skipping to change at page 33, line 46
vulnerabilities and potential threats to IT systems especially where vulnerabilities and potential threats to IT systems especially where
they may have an impact on Critical National Infrastructure's (CNI). they may have an impact on Critical National Infrastructure's (CNI).
Other ways to contact CPNI, plus CPNI's PGP public key, are available Other ways to contact CPNI, plus CPNI's PGP public key, are available
at http://www.cpni.gov.uk . at http://www.cpni.gov.uk .
Appendix C. Changes from previous versions of the draft (to be removed Appendix C. Changes from previous versions of the draft (to be removed
by the RFC Editor before publishing this document as an by the RFC Editor before publishing this document as an
RFC) RFC)
C.1. Changes from draft-ietf-tcpm-icmp-attacks-03 C.1. Changes from draft-ietf-tcpm-icmp-attacks-04
o The draft had expired and thus is resubmitted with no further
changes. Currently working on a rev of the document (Please send
feedback!).
C.2. Changes from draft-ietf-tcpm-icmp-attacks-03
o The draft had expired and thus is resubmitted with no further o The draft had expired and thus is resubmitted with no further
changes. changes.
C.2. Changes from draft-ietf-tcpm-icmp-attacks-02 C.3. Changes from draft-ietf-tcpm-icmp-attacks-02
o Added a disclaimer to indicate that this document does not update o Added a disclaimer to indicate that this document does not update
the current specifications. the current specifications.
o Addresses feedback sent off-list by Alfred Hoenes. o Addresses feedback sent off-list by Alfred Hoenes.
o The text (particulary that which describes the counter-measures) o The text (particulary that which describes the counter-measures)
was reworded to document what current implementations are doing, was reworded to document what current implementations are doing,
rather than "proposing" the implementation of the counter- rather than "proposing" the implementation of the counter-
measures. measures.
o Some text has been removed: we're just documenting the problem, o Some text has been removed: we're just documenting the problem,
and what existing implementations have done. and what existing implementations have done.
o Miscelaneous editorial changes. o Miscelaneous editorial changes.
C.3. Changes from draft-ietf-tcpm-icmp-attacks-01 C.4. Changes from draft-ietf-tcpm-icmp-attacks-01
o Fixed references to the antispoof documents (were hardcoded and o Fixed references to the antispoof documents (were hardcoded and
missing in the References Section). missing in the References Section).
o The draft had expired and thus is resubmitted with only a minor o The draft had expired and thus is resubmitted with only a minor
editorial change. editorial change.
C.4. Changes from draft-ietf-tcpm-icmp-attacks-00 C.5. Changes from draft-ietf-tcpm-icmp-attacks-00
o Added references to the specific sections of each of the o Added references to the specific sections of each of the
referenced specifications referenced specifications
o Corrected the threat analysys o Corrected the threat analysys
o Added clarification about whether the counter-measures violate the o Added clarification about whether the counter-measures violate the
current specifications or not. current specifications or not.
o Changed text so that the document fits better in the Informational o Changed text so that the document fits better in the Informational
skipping to change at page 34, line 44 skipping to change at page 35, line 4
o Added references to the specific sections of each of the o Added references to the specific sections of each of the
referenced specifications referenced specifications
o Corrected the threat analysys o Corrected the threat analysys
o Added clarification about whether the counter-measures violate the o Added clarification about whether the counter-measures violate the
current specifications or not. current specifications or not.
o Changed text so that the document fits better in the Informational o Changed text so that the document fits better in the Informational
path path
o Added a specific section on IPsec (Section 2.3) o Added a specific section on IPsec (Section 2.3)
o Added clarification and references on the use of ICMP filtering o Added clarification and references on the use of ICMP filtering
based on the ICMP payload based on the ICMP payload
o Updated references to obsoleted RFCs o Updated references to obsoleted RFCs
o Added a discussion of multipath scenarios, and possible lose in o Added a discussion of multipath scenarios, and possible lose in
responsiveness resulting from the reaction to hard errors as soft responsiveness resulting from the reaction to hard errors as soft
errors errors
o Miscellaneous editorial changes o Miscellaneous editorial changes
C.5. Changes from draft-gont-tcpm-icmp-attacks-05 C.6. Changes from draft-gont-tcpm-icmp-attacks-05
o Removed RFC 2119 wording to make the draft suitable for o Removed RFC 2119 wording to make the draft suitable for
publication as an Informational RFC. publication as an Informational RFC.
o Added additional checks that should be performed on ICMP error o Added additional checks that should be performed on ICMP error
messages (checksum of the IP header in the ICMP payload, and messages (checksum of the IP header in the ICMP payload, and
others). others).
o Added clarification of the rationale behind each the TCP SEQ check o Added clarification of the rationale behind each the TCP SEQ check
o Miscellaneous editorial changes o Miscellaneous editorial changes
C.6. Changes from draft-gont-tcpm-icmp-attacks-04 C.7. Changes from draft-gont-tcpm-icmp-attacks-04
o Added section on additional considerations for validating ICMP o Added section on additional considerations for validating ICMP
error messages error messages
o Added reference to (draft) [RFC4907] o Added reference to (draft) [RFC4907]
o Added stress on the fact that ICMP error messages are unreliable o Added stress on the fact that ICMP error messages are unreliable
o Miscellaneous editorial changes o Miscellaneous editorial changes
C.7. Changes from draft-gont-tcpm-icmp-attacks-03 C.8. Changes from draft-gont-tcpm-icmp-attacks-03
o Added references to existing implementations of the proposed o Added references to existing implementations of the proposed
counter-measures counter-measures
o The discussion in Section 4 was improved o The discussion in Section 4 was improved
o The discussion of the blind connection-reset vulnerability was o The discussion of the blind connection-reset vulnerability was
expanded and improved expanded and improved
o The proposed counter-measure for the attack against the PMTUD was o The proposed counter-measure for the attack against the PMTUD was
improved and simplified improved and simplified
o Section 7.4 was added o Section 7.4 was added
o Miscellaneous editorial changes o Miscellaneous editorial changes
C.8. Changes from draft-gont-tcpm-icmp-attacks-02 C.9. Changes from draft-gont-tcpm-icmp-attacks-02
o Fixed errors in in the discussion of the blind connection-reset o Fixed errors in in the discussion of the blind connection-reset
attack attack
o The proposed counter-measure for the attack against the PMTUD o The proposed counter-measure for the attack against the PMTUD
mechanism was refined to allow quick discovery of the Path-MTU mechanism was refined to allow quick discovery of the Path-MTU
o Section 7.3 was added so as to clarify the operation of the o Section 7.3 was added so as to clarify the operation of the
counter-measure for the attack against the PMTUD mechanism counter-measure for the attack against the PMTUD mechanism
o Added Appendix B o Added Appendix B
o Miscellaneous editorial changes o Miscellaneous editorial changes
C.9. Changes from draft-gont-tcpm-icmp-attacks-01 C.10. Changes from draft-gont-tcpm-icmp-attacks-01
o The document was restructured for easier reading o The document was restructured for easier reading
o A discussion of ICMPv6 was added in several sections of the o A discussion of ICMPv6 was added in several sections of the
document document
o Added Section on Acknowledgement number checking o Added Section on Acknowledgement number checking
o Added Section 4.3 o Added Section 4.3
o Added Section 7 o Added Section 7
o Fixed typo in the ICMP types, in several places o Fixed typo in the ICMP types, in several places
o Fixed typo in the TCP sequence number check formula o Fixed typo in the TCP sequence number check formula
o Miscellaneous editorial changes o Miscellaneous editorial changes
C.10. Changes from draft-gont-tcpm-icmp-attacks-00 C.11. Changes from draft-gont-tcpm-icmp-attacks-00
o Added a proposal to change the handling of the so-called ICMP hard o Added a proposal to change the handling of the so-called ICMP hard
errors during the synchronized states errors during the synchronized states
o Added a summary of the relevant RFCs in several sections o Added a summary of the relevant RFCs in several sections
o Miscellaneous editorial changes o Miscellaneous editorial changes
Author's Address Author's Address
Fernando Gont Fernando Gont
Universidad Tecnologica Nacional / Facultad Regional Haedo Universidad Tecnologica Nacional / Facultad Regional Haedo
Evaristo Carriego 2644 Evaristo Carriego 2644
Haedo, Provincia de Buenos Aires 1706 Haedo, Provincia de Buenos Aires 1706
Argentina Argentina
skipping to change at page 38, line 4 skipping to change at line 1661
Fernando Gont Fernando Gont
Universidad Tecnologica Nacional / Facultad Regional Haedo Universidad Tecnologica Nacional / Facultad Regional Haedo
Evaristo Carriego 2644 Evaristo Carriego 2644
Haedo, Provincia de Buenos Aires 1706 Haedo, Provincia de Buenos Aires 1706
Argentina Argentina
Phone: +54 11 4650 8472 Phone: +54 11 4650 8472
Email: fernando@gont.com.ar Email: fernando@gont.com.ar
URI: http://www.gont.com.ar URI: http://www.gont.com.ar
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
 End of changes. 23 change blocks. 
38 lines changed or deleted 51 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/