| To: | netdev@xxxxxxxxxxx |
|---|---|
| Subject: | ICMP attacks against TCP |
| From: | Fernando Gont <fernando@xxxxxxxxxxx> |
| Date: | Sun, 12 Sep 2004 22:40:04 -0300 |
| Sender: | netdev-bounce@xxxxxxxxxxx |
Folks, I'm the author of an IETF Internet Draft that discusses the use of ICMP to perform a number of attacks against TCP and other similar protocols. The draft can be found at: http://www.ietf.org/internet-drafts/draft-gont-tcpm-icmp-attacks-01.txt The draft proposes some work-arounds that eliminate or minimize the impact of these attacks. For example, one of the proposed work-arounds is to check the TCP sequence number that is included in the payload of ICMP error messages. While this check has been implemented in a number of TCP/IP stack implementations (including Linux), it has never been officially documented. There are some other work-arounds (for example, ignoring ICMP Source Quench messages) are not implemented in Linux, though. I'd appreciate any comments on the draft. Both for those work-arounds implemented by Linux, and for those that aren't. Thus, I'd be able to address your comments in the next revision of the draft, and will also sum-up your feedback and post it to the relevant IETF mailing list (that of the TCPM WG mailing-list). In case there's consensus that the proposed fixes are the right way to go, it will probably help to move the draft forward, and thus maybe the proposed work-arounds will be adopted by other TCP/IP stack implementations. Thanks! -- Fernando Gont e-mail: fernando@xxxxxxxxxxx || fgont@xxxxxxx |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [PATCH] IPV6: fix an oops in rt6_device_match(), YOSHIFUJI Hideaki / 吉藤英明 |
|---|---|
| Next by Date: | Re: [PATCH] NETIF_F_LLTX for devices 2, Andrew Grover |
| Previous by Thread: | RE: Linux 2.4.27 SECURITY BUG - TCP Local andREMOTE(verified)Denial of Service Attack, Wolfpaw - Dale Corse |
| Next by Thread: | Re: ICMP attacks against TCP, David S. Miller |
| Indexes: | [Date] [Thread] [Top] [All Lists] |