ICMP Attacks Against TCP Revisited
Slashdot alerted me to a KernelTrap article about Fernando Gont at the recent OpenBSD hackathon. I mentioned Gont's work in April. The Slashdot post has some surprisingly good commentary, like this historical perspective and this summary.
Three aspects of the KernelTrap story bother me. First, Cisco sounds like it is more interested in patenting a fix for the problem, and less interested in getting the problem fixed in a timely manner. Second, the disclosure process sounds broken, with Gont now preferring to avoid dealing with vendors entirely. Third, Cisco sounds like one of its employees needs a real attitude adjustment:
"'They blamed me for submitting my work,' Fernando said in exasperation. 'One of Cisco's managers of PSIRT said I was cooperating with terrorists, because a terrorist could have gotten the information in the paper I wrote!'"
Sorry, terrorists attack planes, buildings, and (tragically in Spain and now the UK) trains and subway systems. They do not use ICMP to degrade TCP connections.
Comments
The IETF specifications say "the entire IP header plus the first 64 bits of the IP payload" are included. They never mention "TCP headers".
And there is no RFC that recommends performing checks on the received ICMP messages.
It's really a shame he calls himself a "researcher".
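The commenter's point about what an ICMP error carries (the inner IP header plus the first 64 bits of its payload, which for TCP is exactly the ports and the sequence number) is also what lets a host validate such a message against its own connection state before acting on it, which is the kind of check Gont's work argues for. The following is an added example, not code from the post, from OpenBSD or from Gont; the TcpConn record and the sample message builder are constructed for illustration.

```python
import struct
from dataclasses import dataclass

@dataclass
class TcpConn:
    """Minimal connection state (constructed for this example)."""
    local_addr: str
    local_port: int
    peer_addr: str
    peer_port: int
    snd_una: int   # oldest unacknowledged sequence number
    snd_nxt: int   # next sequence number to be sent

def parse_icmp_error(msg: bytes):
    """Split an ICMPv4 error into (type, code, inner IP/TCP fields).

    The ICMP header is 8 bytes; the quoted original datagram follows it.
    RFC 792 guarantees only the inner IP header plus the first 64 bits of
    its payload, which for TCP covers the two ports and the sequence number.
    """
    icmp_type, code = msg[0], msg[1]
    inner = msg[8:]
    ihl = (inner[0] & 0x0F) * 4
    proto = inner[9]
    src = ".".join(map(str, inner[12:16]))
    dst = ".".join(map(str, inner[16:20]))
    l4 = inner[ihl:ihl + 8]
    if len(l4) < 8:
        raise ValueError("truncated ICMP payload")
    sport, dport, seq = struct.unpack("!HHI", l4)
    return icmp_type, code, proto, src, dst, sport, dport, seq

def icmp_matches_connection(msg: bytes, conn: TcpConn) -> bool:
    """Accept the error only if the quoted segment is one this host could have sent."""
    _, _, proto, src, dst, sport, dport, seq = parse_icmp_error(msg)
    if proto != 6 or (src, sport, dst, dport) != (
            conn.local_addr, conn.local_port, conn.peer_addr, conn.peer_port):
        return False
    # The quoted sequence number must lie in the unacknowledged window, mod 2^32.
    unacked = (conn.snd_nxt - conn.snd_una) % 2**32
    return (seq - conn.snd_una) % 2**32 < unacked

def build_icmp_error(icmp_type, code, src, dst, sport, dport, seq) -> bytes:
    """Construct a sample ICMP error quoting a TCP segment (test data only)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHI", sport, dport, seq)
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + tcp
```

A message whose quoted ports or sequence number do not match any live connection is simply ignored, which is the cheap check the comment says no RFC at the time mandated.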