tcpm@ietf.org

Re: [tcpm] ICMP attacks draft

Subject: Re: [tcpm] ICMP attacks draft
From: Joe Touch
Date: Sun, 20 Feb 2005 05:21:17 -0800
One issue raised is whether TCP should react to ICMP hard errors on a multipath scenario when data is still getting through on one path.

Currently the spec (1122) says you MUST drop the connection for hard errors received; it doesn't talk at all about progress of the connection as cancelling that need.

If progress is considered, IMO you should basically keep ALL ICMPs that affect TCP in a queue for around 1 RTT; if you make progress, then drop them. Otherwise, act on them.

Do that and you DON'T NEED THE SEQ NUM CHECK - *and* you're resistant to DDOS attacks on-path to boot.

Now, what is the point of seq num checking again?

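The deferral scheme proposed in the message above, modelled as an added example; it is not part of the original post and not code from any TCP implementation. The class and function names, the use of the RTT estimate as the hold time, the definition of "progress" as an ACK that advances snd_una, and the event traces are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

HARD_ERROR = (3, 3)  # constructed sample: Destination Unreachable / Port Unreachable

@dataclass
class Conn:
    srtt_ms: int                 # RTT estimate used as the hold time (assumption)
    snd_una: int = 1000          # oldest unacknowledged sequence number
    state: str = "ESTABLISHED"
    pending: list = field(default_factory=list)   # (arrival_ms, type, code)

    def on_icmp_hard_error(self, now_ms, icmp_type, icmp_code):
        # Queue the error instead of aborting immediately.
        if self.state == "ESTABLISHED":
            self.pending.append((now_ms, icmp_type, icmp_code))

    def on_ack(self, now_ms, ack):
        # Progress = the ACK advances snd_una (32-bit modular comparison).
        advance = (ack - self.snd_una) & 0xFFFFFFFF
        if self.state == "ESTABLISHED" and 0 < advance < 0x80000000:
            self.snd_una = ack
            self.pending.clear()   # data is getting through: drop queued errors

    def on_timer(self, now_ms):
        # Act on any error that has waited a full hold time without progress.
        if any(now_ms - t >= self.srtt_ms for t, _, _ in self.pending):
            self.state = "CLOSED"
            self.pending.clear()

def run(events, srtt_ms=100):
    """Replay constructed (kind, time_ms, *args) events against a fresh Conn."""
    conn = Conn(srtt_ms=srtt_ms)
    handlers = {"icmp": conn.on_icmp_hard_error, "ack": conn.on_ack,
                "timer": conn.on_timer}
    for kind, now_ms, *args in events:
        handlers[kind](now_ms, *args)
    return conn

# One path broken, another still delivering: the ACK at 40 ms cancels the error.
multipath = run([("icmp", 0, *HARD_ERROR), ("ack", 40, 2000), ("timer", 100)])
# Destination really gone: no ACK arrives, so the error is acted on after 1 RTT.
unreachable = run([("icmp", 0, *HARD_ERROR), ("timer", 50), ("timer", 100)])
# A duplicate ACK is not progress and does not cancel the queued error.
dup_ack = run([("icmp", 0, *HARD_ERROR), ("ack", 40, 1000), ("timer", 100)])

if __name__ == "__main__":
    for name, c in [("multipath", multipath), ("unreachable", unreachable),
                    ("dup_ack", dup_ack)]:
        print(f"{name:12s} state={c.state} snd_una={c.snd_una}")
```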