draft-ietf-tcpm-icmp-attacks-09.txt (rfcdiff against draft-ietf-tcpm-icmp-attacks-08.txt)

TCP Maintenance and Minor                                        F. Gont
Extensions (tcpm)                                                UTN/FRH
Internet-Draft                                          January 19, 2010
Intended status: Informational
Expires: July 23, 2010

                         ICMP attacks against TCP
                   draft-ietf-tcpm-icmp-attacks-09.txt
Abstract

   This document discusses the use of the Internet Control Message
   Protocol (ICMP) to perform a variety of attacks against the
   Transmission Control Protocol (TCP) and other similar protocols.
   Additionally, it describes a number of widely implemented
   modifications to TCP's handling of ICMP error messages that help to
   mitigate these issues.
skipping to change at page 3, line 47
           performance-degrading attack . . . . . . . . . . . . . . . 26
   8.  Security Considerations . . . . . . . . . . . . . . . . . . . 30
   9.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . 31
   10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 31
   11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 32
     11.1. Normative References . . . . . . . . . . . . . . . . . . . 32
     11.2. Informative References . . . . . . . . . . . . . . . . . . 32
   Appendix A.  Changes from previous versions of the draft (to
                be removed by the RFC Editor before publishing
                this document as an RFC) . . . . . . . . . . . . . . 35
     A.1.   Changes from draft-ietf-tcpm-icmp-attacks-08 . . . . . . . 35
     A.2.   Changes from draft-ietf-tcpm-icmp-attacks-07 . . . . . . . 35
     A.3.   Changes from draft-ietf-tcpm-icmp-attacks-06 . . . . . . . 35
     A.4.   Changes from draft-ietf-tcpm-icmp-attacks-05 . . . . . . . 35
     A.5.   Changes from draft-ietf-tcpm-icmp-attacks-04 . . . . . . . 35
     A.6.   Changes from draft-ietf-tcpm-icmp-attacks-03 . . . . . . . 36
     A.7.   Changes from draft-ietf-tcpm-icmp-attacks-02 . . . . . . . 36
     A.8.   Changes from draft-ietf-tcpm-icmp-attacks-01 . . . . . . . 36
     A.9.   Changes from draft-ietf-tcpm-icmp-attacks-00 . . . . . . . 36
     A.10.  Changes from draft-gont-tcpm-icmp-attacks-05 . . . . . . . 37
     A.11.  Changes from draft-gont-tcpm-icmp-attacks-04 . . . . . . . 37
     A.12.  Changes from draft-gont-tcpm-icmp-attacks-03 . . . . . . . 37
     A.13.  Changes from draft-gont-tcpm-icmp-attacks-02 . . . . . . . 38
     A.14.  Changes from draft-gont-tcpm-icmp-attacks-01 . . . . . . . 38
     A.15.  Changes from draft-gont-tcpm-icmp-attacks-00 . . . . . . . 38
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 39
1.  Introduction

   ICMP [RFC0792] is a fundamental part of the TCP/IP protocol suite,
   and is used mainly for reporting network error conditions.  However,
   the current specifications do not recommend any kind of validation
   checks on the received ICMP error messages, thus allowing a variety
   of attacks against TCP [RFC0793] by means of ICMP, which include
   blind connection-reset, blind throughput-reduction, and blind
   performance-degrading attacks.  All of these attacks can be performed
   even being
skipping to change at page 30, line 4
         if (acked_packet_size > maxsizeacked)
            maxsizeacked = acked_packet_size;

         if (pending_message)
            if (ack > claimedtcpseq){
               pending_message = 0;
               nsegrto = 0;
            }

      EVENT: ICMP "Packet Too Big" message is received

         if (claimedmtu <= MINIMUM_MTU)
            drop_message();

         if (claimedtcpseq < SND.UNA || claimedtcpseq >= SND.NXT){
            drop_message();
         }
         else {
            if (claimedmtu > maxsizesent || claimedmtu >= current_mtu)
               drop_message();
            else {
               if (claimedmtu > maxsizeacked){
                  adjust_mtu();
skipping to change at page 32, line 11
   they are processed when an outstanding TCP segment times out.  This
   countermeasure parallels the Packetization Layer Path MTU Discovery
   (PLPMTUD) mechanism [RFC4821].

   A discussion of these and other attack vectors for performing similar
   attacks against TCP (along with possible counter-measures) can be
   found in [CPNI-TCP] and [I-D.ietf-tcpm-tcp-security].
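   The validation and deferral logic described above, as an added
   example that is not part of the draft: a Python model of the sender
   state used by the pseudocode (SND.UNA, SND.NXT, maxsizesent,
   maxsizeacked, nsegrto, pending_message) fed with constructed ICMP
   "Packet Too Big" (IPv4 Type 3, Code 4) messages.  It goes a little
   beyond the draft's text in two places: it parses the message and
   checks that the quoted IP header is a TCP header of this connection
   whose checksum verifies (one of the additional checks the change log
   mentions), and it performs the sequence-number comparison modulo
   2^32 rather than with plain integer comparisons.  MINIMUM_MTU (68),
   MAXSEGRTO (3), the packet builders, and the addresses and ports in
   demo() are assumptions made for the demo; the ICMP checksum is left
   zero and assumed to have been verified by the ICMP layer already.

```python
"""Model of the draft's ICMP "Packet Too Big" validation against TCP sender state.
Added example, not the draft's code: MINIMUM_MTU, MAXSEGRTO, the packet helpers and
the sample connection are assumptions for the demo."""
import socket
import struct
from dataclasses import dataclass
from typing import Optional

MINIMUM_MTU = 68   # assumption: the IPv4 minimum; the draft leaves the constant open
MAXSEGRTO = 3      # assumption: RTOs to wait before honouring a deferred message
MASK32 = 0xFFFFFFFF


@dataclass
class Conn:
    src: str
    sport: int
    dst: str
    dport: int
    snd_una: int
    snd_nxt: int
    current_mtu: int = 1500
    maxsizesent: int = 0          # largest IP packet sent on this connection
    maxsizeacked: int = 0         # largest IP packet known to have been ACKed
    nsegrto: int = 0
    pending: Optional[tuple] = None   # (claimed mtu, claimed seq) saved for a later RTO


def in_flight(c: Conn, seq: int) -> bool:
    """seq in [SND.UNA, SND.NXT) modulo 2^32 (the draft writes plain comparisons)."""
    return (seq - c.snd_una) & MASK32 < (c.snd_nxt - c.snd_una) & MASK32


def ip_checksum(hdr: bytes) -> int:   # RFC 1071 sum of a 4-byte-aligned IPv4 header
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF                # 0 when the header's own checksum verifies


def build_ptb(mtu: int, c: Conn, seq: int) -> bytes:
    """Constructed Type 3/Code 4 message quoting an IPv4 header plus 8 TCP bytes."""
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0, 0x4000, 64, 6, 0,
                               socket.inet_aton(c.src), socket.inet_aton(c.dst)))
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
    return struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + bytes(ip) + struct.pack("!HHI", c.sport, c.dport, seq)


def parse_ptb(msg: bytes, c: Conn) -> Optional[tuple]:
    """(claimed mtu, claimed seq) if msg quotes a TCP packet of c with a valid IP checksum."""
    if len(msg) < 36:
        return None
    typ, code, _csum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    ip, ihl = msg[8:], (msg[8] & 0x0F) * 4
    if (typ, code) != (3, 4) or ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 8:
        return None
    if ip_checksum(ip[:ihl]) != 0 or ip[9] != 6:      # bad checksum, or not TCP
        return None
    sport, dport, seq = struct.unpack("!HHI", ip[ihl:ihl + 8])
    quoted = (socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport)
    return (mtu, seq) if quoted == (c.src, c.sport, c.dst, c.dport) else None


def on_send(c: Conn, payload: int, hdr: int = 40) -> None:   # EVENT: TCP segment is sent
    c.maxsizesent = max(c.maxsizesent, payload + hdr)
    c.snd_nxt = (c.snd_nxt + payload) & MASK32


def on_ack(c: Conn, ack: int, acked_pkt_size: int) -> None:  # EVENT: TCP segment is ACKed
    c.snd_una = ack
    c.maxsizeacked = max(c.maxsizeacked, acked_pkt_size)
    if c.pending and not in_flight(c, c.pending[1]):         # the quoted segment got through
        c.pending, c.nsegrto = None, 0


def on_rto(c: Conn) -> str:                                  # EVENT: retransmission timer expires
    c.nsegrto += 1
    if c.pending and c.nsegrto >= MAXSEGRTO:                 # it really is not getting through
        c.current_mtu, c.pending, c.nsegrto = c.pending[0], None, 0
        return "adjust"
    return "wait"


def on_ptb(c: Conn, msg: bytes) -> str:                      # EVENT: "Packet Too Big" received
    parsed = parse_ptb(msg, c)
    if parsed is None:
        return "drop"
    mtu, seq = parsed
    if mtu <= MINIMUM_MTU or not in_flight(c, seq):          # too small, or an off-path guess at seq
        return "drop"
    if mtu > c.maxsizesent or mtu >= c.current_mtu:          # cannot be a genuine PTB for our packets
        return "drop"
    if mtu > c.maxsizeacked:                                 # no ACKed packet contradicts it: act now
        c.current_mtu = mtu
        return "adjust"
    c.pending = (mtu, seq)                                   # a larger packet already got through: defer
    return "pending"


def demo() -> dict:   # constructed scenario: 1500-byte packets (1460-byte payloads), MTU 1500
    c = Conn("10.0.0.1", 40000, "10.0.0.2", 443, snd_una=1000, snd_nxt=1000)
    for _ in range(2):
        on_send(c, 1460)                                      # seq 1000..3919 in flight
    r = {"fresh": on_ptb(c, build_ptb(1280, c, 1000))}       # nothing ACKed yet: honoured at once
    on_ack(c, 2460, 1500)                                     # first packet got through
    r["blind"] = on_ptb(c, build_ptb(1200, c, 50000))        # seq not in flight
    r["tiny"] = on_ptb(c, build_ptb(68, c, 2460))            # at/below MINIMUM_MTU
    r["bogus"] = on_ptb(c, build_ptb(1500, c, 2460))         # not below the current MTU
    r["deferred"] = on_ptb(c, build_ptb(1200, c, 2460))      # a 1500-byte packet was ACKed: defer
    r["rto"] = [on_rto(c) for _ in range(MAXSEGRTO)]         # honoured only after MAXSEGRTO timeouts
    r["mtu"] = c.current_mtu
    return r
```

   demo() returns the outcome of each message: an off-path guess at the
   sequence number, a message at or below MINIMUM_MTU, and one claiming
   an MTU not below the current one are all dropped; a plausible message
   that contradicts an already-ACKed packet size is honoured only after
   MAXSEGRTO retransmission timeouts, and is discarded instead if the
   quoted segment is ACKed in the meantime.  A message quoting another
   connection, or whose embedded IP header checksum does not verify, is
   dropped before any of the TCP-level checks run.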
9.  IANA Considerations

   This document has no actions for IANA.  The RFC-Editor can remove
   this section before publication of this document as an RFC.
10.  Acknowledgements

   This document was inspired by Mika Liljeberg, while discussing some
   issues related to [RFC5461] by private e-mail.  The author would like
   to thank (in alphabetical order): Bora Akyol, Mark Allman, Ran
   Atkinson, James Carlson, Alan Cox, Theo de Raadt, Wesley Eddy, Ted
   Faber, Juan Fraschini, Markus Friedl, Guillermo Gont, John Heffner,
   Alfred Hoenes, Vivek Kakkar, Michael Kerrisk, Mika Liljeberg, Matt
skipping to change at page 36, line 20
   [Watson]   Watson, P., "Slipping in the Window: TCP Reset Attacks",
              2004 CanSecWest Conference, 2004.

   [Wright]   Wright, G. and W. Stevens, "TCP/IP Illustrated, Volume 2:
              The Implementation", Addison-Wesley, 1994.
Appendix A.  Changes from previous versions of the draft (to be removed
             by the RFC Editor before publishing this document as an
             RFC)

A.1.  Changes from draft-ietf-tcpm-icmp-attacks-08

   o  Fixes a couple of nits found by... Alfred!  Thanks! (again, and
      again, and again...).

A.2.  Changes from draft-ietf-tcpm-icmp-attacks-07

   o  Addresses some remaining WGLC feedback sent off-list by Donald
      Smith and Guillermo Gont.

A.3.  Changes from draft-ietf-tcpm-icmp-attacks-06

   o  Addresses WGLC feedback by Joe Touch and Donald Smith.

A.4.  Changes from draft-ietf-tcpm-icmp-attacks-05

   o  Addresses feedback submitted by Wes Eddy
      (http://www.ietf.org/mail-archive/web/tcpm/current/msg04573.html
      and
      http://www.ietf.org/mail-archive/web/tcpm/current/msg04574.html)
      and Joe Touch (on June 8th... couldn't find online ref, sorry) on
      the TCPM WG mailing-list.

A.5.  Changes from draft-ietf-tcpm-icmp-attacks-04

   o  The draft had expired and thus is resubmitted with no further
      changes.  Currently working on a rev of the document (Please send
      feedback!).

A.6.  Changes from draft-ietf-tcpm-icmp-attacks-03

   o  The draft had expired and thus is resubmitted with no further
      changes.

A.7.  Changes from draft-ietf-tcpm-icmp-attacks-02

   o  Added a disclaimer to indicate that this document does not update
      the current specifications.

   o  Addresses feedback sent off-list by Alfred Hoenes.

   o  The text (particularly that which describes the counter-measures)
      was reworded to document what current implementations are doing,
      rather than "proposing" the implementation of the counter-
      measures.

   o  Some text has been removed: we're just documenting the problem,
      and what existing implementations have done.

   o  Miscellaneous editorial changes.

A.8.  Changes from draft-ietf-tcpm-icmp-attacks-01

   o  Fixed references to the antispoof documents (were hardcoded and
      missing in the References Section).

   o  The draft had expired and thus is resubmitted with only a minor
      editorial change.

A.9.  Changes from draft-ietf-tcpm-icmp-attacks-00

   o  Added references to the specific sections of each of the
      referenced specifications

   o  Corrected the threat analysis

   o  Added clarification about whether the counter-measures violate the
      current specifications or not.

   o  Changed text so that the document fits better in the Informational
skipping to change at page 38, line 13
      based on the ICMP payload

   o  Updated references to obsoleted RFCs

   o  Added a discussion of multipath scenarios, and possible loss of
      responsiveness resulting from the reaction to hard errors as soft
      errors

   o  Miscellaneous editorial changes

A.10.  Changes from draft-gont-tcpm-icmp-attacks-05

   o  Removed RFC 2119 wording to make the draft suitable for
      publication as an Informational RFC.

   o  Added additional checks that should be performed on ICMP error
      messages (checksum of the IP header in the ICMP payload, and
      others).

   o  Added clarification of the rationale behind the TCP SEQ check

   o  Miscellaneous editorial changes

A.11.  Changes from draft-gont-tcpm-icmp-attacks-04

   o  Added section on additional considerations for validating ICMP
      error messages

   o  Added reference to (draft) [RFC4907]

   o  Added stress on the fact that ICMP error messages are unreliable

   o  Miscellaneous editorial changes
A.12.  Changes from draft-gont-tcpm-icmp-attacks-03

   o  Added references to existing implementations of the proposed
      counter-measures

   o  The discussion in Section 4 was improved

   o  The discussion of the blind connection-reset vulnerability was
      expanded and improved

   o  The proposed counter-measure for the attack against the PMTUD was
      improved and simplified

   o  Section 7.4 was added

   o  Miscellaneous editorial changes
A.13.  Changes from draft-gont-tcpm-icmp-attacks-02

   o  Fixed errors in the discussion of the blind connection-reset
      attack

   o  The proposed counter-measure for the attack against the PMTUD
      mechanism was refined to allow quick discovery of the Path-MTU

   o  Section 7.3 was added so as to clarify the operation of the
      counter-measure for the attack against the PMTUD mechanism

   o  Added CPNI contact information.

   o  Miscellaneous editorial changes

A.14.  Changes from draft-gont-tcpm-icmp-attacks-01

   o  The document was restructured for easier reading

   o  A discussion of ICMPv6 was added in several sections of the
      document

   o  Added Section on Acknowledgement number checking

   o  Added Section 4.3

   o  Added Section 7

   o  Fixed typo in the ICMP types, in several places

   o  Fixed typo in the TCP sequence number check formula

   o  Miscellaneous editorial changes

A.15.  Changes from draft-gont-tcpm-icmp-attacks-00

   o  Added a proposal to change the handling of the so-called ICMP hard
      errors during the synchronized states

   o  Added a summary of the relevant RFCs in several sections

   o  Miscellaneous editorial changes
Author's Address
End of changes.  20 change blocks; 34 lines changed or deleted, 39 lines changed or added.

This html diff was produced by rfcdiff 1.37b.  The latest version is available from http://tools.ietf.org/tools/rfcdiff/