Re: Fwd: draft-ietf-opsec-filter-caps-08.txt
Folks,
Please take care of this bit, change the draft to INFORMATIONAL and post
it. As soon as it is posted, I will schedule it for IESG review.
Ron
George Jones wrote:
> Chris, I think that was your text. Care to take a crack at the
> rewording?
>
> ---George
>
> ---------- Forwarded message ----------
> From: Danny McPherson <danny@tcb.net>
> Date: Jun 27, 2007 10:01 PM
> Subject: draft-ietf-opsec-filter-caps-08.txt
> To: opsec@ops.ietf.org
>
>
> Re-reading this I-D one trivial technical comment from section
> 3.6:
>
> Some denial of service attacks are based on the ability to flood
> the victim with ICMP traffic. One quick way (admittedly with some
> negative side effects, e.g. breaking path MTU discovery) to
> mitigate the effects of such attacks is to drop all ICMP traffic
> headed toward the victim.
>
> I'm not sure how dropping ICMP traffic *toward the victim* breaks
> P-MTU, unless it's some ICMP-based Application that's looking to
> discover the path MTU. If you're dropping ICMP traffic back towards
> the source (i.e., the ICMP Destination Unreachable - fragmentation
> needed and DF set) responses I'd understand, but I don't fully
> understand the "e.g." above. Was this an oversight or am I missing
> something?
>
> Thanks!
>
> -danny
>