Ok so we are pretty much decided on adding the 
awareness text.

What about we add the following text to cover your
second point also (i.e. recommending the upper layers to
use the payload for validation).

===
    6. As the ICMP messages are passed to the upper-layer 
       processes, it is possible to perform attacks on the 
       upper layer protocols (e.g., TCP) with ICMP [TCP-attack].
       Protecting the upper layer with IPsec mitigates this 
       problem.  If not protected by IPsec, it is recommended
       for the upper layers to perform some form of validation
       of ICMP messages (using the information contained in 
       the payload of the ICMP) before acting upon them.  The
       actual validation checks are specific to the upper 
       layers and are out of the scope of this spec.
===

The third point that you raise about the hard and the soft
errors, I am not sure what to do.  Do we already have a
resolution for TCP that 
 - it should not consider any of the ICMP messages as 
   hard errors ?  Or 
 - it should perform some checks and then consider them
   as hard and soft according to RFC 1122 ? or
 - something else ?

Could you suggest what specific text we should add to
ICMPv6 to cover the issue of hard and soft errors ?

Regards
Mukesh

> -----Original Message-----
> From: ext Fernando Gont [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, April 12, 2005 11:38 PM
> To: Gupta Mukesh.K (Nokia-NET/MtView); [EMAIL PROTECTED]
> Cc: ipv6@ietf.org
> Subject: RE: Security considerations of the ICMPv6 draft
> 
> 
> At 13:57 11/04/2005 -0500, [EMAIL PROTECTED] wrote:
> 
> >I agree that we should add some words to raise awareness
> >about the ICMP-based attacks.  We could add the text that
> >Pekka suggested in the security consideration section and
> >provide an informative reference to your draft.
> 
> That'd be a good thing.
> 
> 
> 
> >I don't think the ICMP draft should go in details of how
> >a transport protocol should protect itself against these
> >attacks.  I think, it will be a good idea to write separate
> >drafts for those details.
> 
> I didn't mean we should provide details on how transport protocols should
> react to ICMP errors. I just suggested that the ICMPv6 draft should
> recommend transport protocols to use the information contained in the
> payload to validate the ICMP messages (but don't say a word about the
> actual checks), and also that it would be great if it provided a few words
> about what the ICMP error types/codes mean.
> If left "as is", people will extrapolate the RFC 1122 description to ICMPv6.
> I just say that adding something like "these error codes do not necessarily
> indicate hard errors". That little sentence would mean the discussion of
> ICMP in RFC 1122 does not necessarily apply to ICMPv6.
> 
> BTW, (closely related to this thread), this was released yesterday:
> 
> * Cisco's vulnerability report
> http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml
> 
> * CERT/CC's vulnerability report
> http://www.kb.cert.org/vuls/id/222750
> 
> * NISCC's vulnerability report
> http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en
> 
> 
> --
> Fernando Gont
> e-mail: [EMAIL PROTECTED] || [EMAIL PROTECTED]
> 
> 
> 

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
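
An added example, not part of the thread or of any draft: one way a TCP implementation could use the payload of an ICMPv6 error to validate it before acting on it. The two checks shown (the quoted segment must match an existing connection, and its sequence number must be data still in flight) are assumptions chosen for illustration, since the proposed text leaves the actual checks out of scope; `TcpConn`, `validate_icmp6_error` and `sample_error` are hypothetical names.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv6Address

IPPROTO_TCP = 6

@dataclass
class TcpConn:  # hypothetical view of one connection's send state
    local: IPv6Address
    lport: int
    remote: IPv6Address
    rport: int
    snd_una: int  # oldest unacknowledged sequence number
    snd_nxt: int  # next sequence number to be sent

def seq_in_flight(seq, una, nxt):
    """True if una <= seq < nxt in 32-bit modular arithmetic."""
    return (seq - una) % 2**32 < (nxt - una) % 2**32

def validate_icmp6_error(msg: bytes, conn: TcpConn) -> str:
    """Return 'accept', or the reason the ICMPv6 error is ignored."""
    if len(msg) < 8 + 40 + 8:  # ICMPv6 hdr + IPv6 hdr + ports and seq
        return "too short"
    if msg[0] > 127:  # ICMPv6 types 0-127 are errors
        return "not an error message"
    inner = msg[8:]  # the invoking packet quoted by the sender of the error
    if inner[0] >> 4 != 6 or inner[6] != IPPROTO_TCP:
        return "payload is not IPv6/TCP"  # extension headers not handled here
    src, dst = IPv6Address(inner[8:24]), IPv6Address(inner[24:40])
    sport, dport, seq = struct.unpack("!HHI", inner[40:48])
    if (src, sport, dst, dport) != (conn.local, conn.lport, conn.remote, conn.rport):
        return "no matching connection"
    if not seq_in_flight(seq, conn.snd_una, conn.snd_nxt):
        return "sequence number not in flight"
    return "accept"

def sample_error(conn, seq, icmp_type=1, code=4):
    """Constructed sample: an ICMPv6 error quoting a segment sent on conn."""
    ip6 = (struct.pack("!IHBB", 6 << 28, 20, IPPROTO_TCP, 64)
           + conn.local.packed + conn.remote.packed)
    tcp = struct.pack("!HHIIBBHHH", conn.lport, conn.rport, seq, 0, 5 << 4, 0x10, 65535, 0, 0)
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + ip6 + tcp  # checksum not modelled
```

A message that fails either check is ignored rather than treated as a hard or soft error; how an accepted message is then classified is the separate question raised above.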
