
Re: ICMP messages



ICMP is a real pain in the IPSEC context. I'm not sure we can really
make all the cases work right, especially with tunnels.

But I'm not sure this is even a problem. Because spurious ICMP
messages are so easily generated in the Internet, and because you
can't count on them being generated even when they're warranted, most
hosts already treat them as purely advisory in nature. They are mostly
counted and ignored except when a human wants to look at them while
debugging a network path.

In the context of IPSEC, ICMP messages are even more problematic when
you consider that many are unsigned and could be easily faked. I'm a
little uncomfortable even with Bill's otherwise elegant idea of a
"security failure" ICMP message (re)triggering Photuris key exchange
because of the possibility of an attacker generating spurious ICMP
messages as a way to cause hosts to waste a lot of CPU time (re)doing
public key algorithms.

I'm afraid I don't have any real solutions here. Comments?

Phil

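The defensive pattern implied above, as an added example that is not part of Phil's message or of any Photuris implementation: an unauthenticated "security failure" ICMP report is treated as an advisory hint, counted, and allowed to trigger the expensive public-key exchange only after a per-peer budget check and a cheap authenticated liveness probe under the existing SA. The probe callable, the SA table, the peer address 10.0.0.2 and the SPI values are constructed assumptions for the simulation.

```python
import time
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, Dict, Set, Tuple


@dataclass
class RekeyGovernor:
    """Decides whether an ICMP 'security failure' report may trigger a rekey.

    The report itself carries no authentication, so it is never trusted on
    its own. A rekey (public-key work) happens only if the report names an
    SA we actually hold, the per-peer investigation budget is not exhausted,
    and an authenticated probe over the existing SA shows the peer really
    lost its state. Everything else is counted and ignored.
    """

    # Hypothetical authenticated liveness probe (e.g. a keepalive protected
    # by the existing SA's integrity key). True means the peer still holds
    # the SA, so the ICMP report was spurious.
    probe: Callable[[str], bool]
    known_sas: Set[Tuple[str, int]]            # (peer, spi) pairs we hold
    window_s: float = 60.0                     # per-peer budget window
    max_investigations: int = 1                # probes per peer per window
    clock: Callable[[], float] = time.monotonic
    counters: Counter = field(default_factory=Counter)
    _budget: Dict[str, Tuple[float, int]] = field(default_factory=dict)

    def on_security_failure(self, peer: str, spi: int) -> str:
        """Handle one report; returns the action taken, for logging."""
        self.counters["received"] += 1
        if (peer, spi) not in self.known_sas:
            # Forged or stale SPI: nothing to rekey, just count it.
            self.counters["unknown_sa"] += 1
            return "ignored-unknown-sa"

        now = self.clock()
        window_start, used = self._budget.get(peer, (now, 0))
        if now - window_start >= self.window_s:
            window_start, used = now, 0           # new budget window
        if used >= self.max_investigations:
            # A flood of reports cannot buy more than the budget allows.
            self._budget[peer] = (window_start, used)
            self.counters["rate_limited"] += 1
            return "rate-limited"
        self._budget[peer] = (window_start, used + 1)

        if self.probe(peer):
            # Peer answered under the existing SA: report was spurious.
            self.counters["spurious"] += 1
            return "ignored-peer-alive"
        # Peer genuinely lost state: now the expensive exchange is justified.
        self.counters["rekey"] += 1
        return "rekey"


def simulate_flood(n: int, peer_alive: bool) -> Counter:
    """Constructed scenario: n reports for a real SA, then one forged SPI.

    Uses a fake clock advancing 10 ms per report so the run is deterministic.
    """
    t = [0.0]
    gov = RekeyGovernor(
        probe=lambda peer: peer_alive,
        known_sas={("10.0.0.2", 0x1001)},
        clock=lambda: t[0],
    )
    for _ in range(n):
        gov.on_security_failure("10.0.0.2", 0x1001)
        t[0] += 0.01
    gov.on_security_failure("10.0.0.2", 0x9999)   # SPI we never held
    return gov.counters


if __name__ == "__main__":
    print("peer alive :", dict(simulate_flood(1000, peer_alive=True)))
    print("peer dead  :", dict(simulate_flood(1000, peer_alive=False)))
```

With the peer alive, a thousand spurious reports cost one authenticated probe and zero public-key exchanges; with the peer genuinely reset, the first report leads to a single rekey and the rest are absorbed by the budget. The counters give the "count and ignore" visibility a human wants when debugging, without letting the reports drive CPU load.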
