Hi Kathleen, On 5/14/15 9:49 PM, Ronald Bonica wrote: > Hi Kathleen, > > Thanks, I will post an updated version of the draft. > > Regarding Fred’s question, an attacker can send ICMP PTB to the GRE > ingress node. When this happens, the GRE ingress node’s estimation of > the PMTU and GMTU become inaccurate. That is why the draft says: > > “PMTU Discovery is vulnerable to two denial of service attacks (see > Section 8 of [RFC1191] for details). Both attacks are based upon on a > malicious party sending forged ICMPv4 Destination Unreachable or > ICMPv6 Packet Too Big messages to a host. In the first attack, the > forged message indicates an inordinately small PMTU. In the second > attack, the forged message indicates an inordinately large MTU. In > both cases, throughput is adversely affected. On order to mitigate > such attacks, GRE implementations include a configuration option to > disable PMTU discovery on GRE tunnels. Also, they can include a > configuration option that conditions the behavior of PMTUD to > establish a minimum PMTU.”
The problem with Fred's question is that it is a well-known vulnerability of ICMP in general and has a much broader impact than just fragmentation and GRE (i.e., this draft). Additionally, I have no idea why Fred thinks an "insider attack" is any more of an issue than an arbitrary attack. Regards, Brian
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Int-area mailing list [email protected] https://www.ietf.org/mailman/listinfo/int-area
