NNSquad - Network Neutrality Squad


[ NNSquad ] Joe Touch @ ISI regarding RST packets


------- Forwarded Message

From: David Farber <dave@farber.net>
To: "ip" <ip@v2.listbox.com>
Date: Wed, 23 Apr 2008 21:18:40 -0700
Subject: [IP] Re: a wise word from a long time network person -- Merccurynews report on Stanford hearing

________________________________________
From: Joe Touch [touch@ISI.EDU]
Sent: Wednesday, April 23, 2008 9:29 PM
To: David Farber
Subject: Re: [IP] Re:  :   a wise word from a long time network person -- Merccurynews report on Stanford hearing

Hi, Dave,

David Farber wrote:
> ________________________________________
> From: Brett Glass [brett@lariat.net]
> Sent: Monday, April 21, 2008 9:43 PM
> To: David Farber; ip
> Subject: Re: [IP] Re:   a wise word from a long time network person -- Merccurynews report on Stanford hearing
>
> At 05:42 PM 4/21/2008, Tony Lauck wrote:
...
>> I have no objection to Comcast's managing its network performance. My
>> objection has been to the *form* of Comcast's management, namely the
>> forging of RST packets.
>
> My objection has been to the use of the pejorative term "forging" or
> "forgery." A RST packet is a perfectly good and legitimate way of
> informing the ends of a TCP socket that it is being terminated.

A RST packet is a legitimate way for the endpoints of a connection to
inform each other that a connection has reset.

To inject a RST packet with an IP address that is not your endpoint is
forgery, plain and simple. Proof of this is trivial - consider a
connection that uses IPsec to authenticate the endpoints.
Unauthenticated RSTs would be dropped before TCP processing in that
case, since they are forgeries.

If you don't want the term forgery, would you prefer any of the following:
        - spoofing
        - masquerading
        - falsifying

Or perhaps just lying.

> To understand why, think about what would happen if the socket were
> merely blocked by firewalling. The two sides would retry... and retry...
> and retry before giving up. And by doing so, they'd congest the
> network -- defeating the very purpose of terminating the socket. RST
> packets, on the other hand, inform the two sides that the socket has
> been terminated and there is no point in continuing to retry. Fast,
> efficient, and actually better for the ends (in terms of resource
> consumption) than the alternative.

You can rationalize that the net effect is the same, but that doesn't
mitigate the fact that packets were forged. If I run authentication, the
forged packets would be seen as forgeries. I would consider my system
under attack - as would an automated system - and rightly so.

Joe

-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com


------- End of Forwarded Message
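Added illustration, not part of the thread: a small Python model of the authenticated-endpoint case Joe describes, where a keyed integrity check (standing in for IPsec or TCP-AO) runs before any TCP state change. Addresses, sequence numbers and the shared key are constructed sample values; a RST injected with the peer's address but without the key fails the check and is logged as a forgery, while the peer's own RST is honoured.

```python
import hmac
import hashlib
from dataclasses import dataclass, field

@dataclass
class Segment:
    src: str          # constructed sample addresses
    dst: str
    flags: str        # "ACK" or "RST"
    seq: int
    mac: bytes = b""  # integrity tag; empty on unauthenticated segments

def _tag(key: bytes, seg: Segment) -> bytes:
    # Tag covers exactly the fields an injector must forge: addresses, flags, seq
    msg = f"{seg.src}|{seg.dst}|{seg.flags}|{seg.seq}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def send(key: bytes, src: str, dst: str, flags: str, seq: int) -> Segment:
    seg = Segment(src, dst, flags, seq)
    seg.mac = _tag(key, seg)
    return seg

@dataclass
class Endpoint:
    addr: str
    peer: str
    key: bytes
    state: str = "ESTABLISHED"
    log: list = field(default_factory=list)

    def receive(self, seg: Segment) -> str:
        # Authentication is checked before TCP processing, so a forged RST
        # never reaches the state machine
        if seg.dst != self.addr or seg.src != self.peer:
            self.log.append("dropped: not part of this connection")
            return self.state
        if not hmac.compare_digest(seg.mac, _tag(self.key, seg)):
            self.log.append(f"forgery: {seg.flags} claiming {seg.src} failed auth")
            return self.state
        if seg.flags == "RST":
            self.state = "CLOSED"
        return self.state

def demo():
    key = b"constructed-shared-key"  # assumed pre-established between the endpoints
    a = Endpoint("192.0.2.10", "198.51.100.5", key)
    # A middlebox injects a RST bearing the peer's address but cannot compute the tag
    after_injected = a.receive(Segment("198.51.100.5", "192.0.2.10", "RST", 1000))
    # The real peer resets the connection; its segment authenticates
    after_genuine = a.receive(send(key, "198.51.100.5", "192.0.2.10", "RST", 1000))
    return after_injected, after_genuine, a.log
```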