>(1) ICMP Source quench is more problematic in the general case than for
>"wireless TCP" weenies, because most of the wireless TCP environments that
>I've seen or heard about don't have lots of connections open. In the general
>case, ICMP SQ can affect lots of connections that don't have any
>relationship to the congestion being encountered. If you only have a few

Only if you're careless in how you generate the SQs. Just as you can
cause unfairness by always dropping the last packet to arrive at a
queue, you can do the same with SQs. A more refined algorithm like RED
could be applied to the generation of SQs just as well as to packet
drops.

>The other knock on ICMP SQ is, of course, that these messages aren't
>authenticated, so that denial of service attacks are difficult to defend
>against.

This is true for all ICMP messages, yet they are still useful if you
take proper precautions. We see what happens when people get overly
paranoid about ICMP (Path MTU black holes). Because the effect of an
ICMP SQ is temporary, I don't see it as especially dangerous.

Also, most denial-of-service attacks involving forged packets involve
attackers who cannot see the traffic coming from the target to
addresses other than his own. Simply verifying the transport header
included in an incoming SQ message would therefore help detect bogus
messages, as the attacker wouldn't necessarily know what connections
the target has open. You're free to ignore ICMP messages that mention
unknown connections.

>So my take is that deploying ECN is a good thing for "long thin networks",

On this I think we can all agree!

Phil
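The check Phil describes in his second-to-last paragraph, written out as an added example (this is not code from the message or from the list): parse an incoming ICMP Source Quench, recover the IP header and the first eight transport bytes it quotes, and accept it only if they name a connection this host actually has open, with the quoted TCP sequence number among the bytes currently in flight. It assumes a connection table keyed by the 5-tuple and carrying `(snd_una, snd_nxt)` for TCP; the addresses are constructed from the TEST-NET ranges and `build_source_quench` is a hypothetical helper that only exists to produce sample input.

```python
import ipaddress
import struct

ICMP_SOURCE_QUENCH = 4   # ICMP type for Source Quench (RFC 792); code is always 0
IPPROTO_TCP = 6
SEQ_MODULUS = 2 ** 32    # TCP sequence numbers wrap at 32 bits


def build_source_quench(src, sport, dst, dport, seq, proto=IPPROTO_TCP):
    """Construct an ICMP Source Quench that quotes a datagram src:sport -> dst:dport.

    Hypothetical helper used only to produce sample input for this example.
    ICMP and IP checksums are left zero; the validator below never consults them.
    """
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,            # version 4, IHL 5 (20-byte header)
        0, 20 + 8,       # TOS, total length of the quoted datagram fragment
        0x1234, 0,       # identification, flags/fragment offset
        64, proto, 0,    # TTL, protocol, header checksum (unset)
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    # RFC 792 quotes the first 8 bytes of the original transport header; for
    # TCP that is source port, destination port and sequence number.
    transport = struct.pack("!HHI", sport, dport, seq)
    icmp_hdr = struct.pack("!BBHI", ICMP_SOURCE_QUENCH, 0, 0, 0)  # type, code, checksum, unused
    return icmp_hdr + ip_hdr + transport


def parse_source_quench(icmp):
    """Extract the quoted 5-tuple (and TCP sequence number) from a Source Quench.

    Returns None when the message is not a well-formed Source Quench.
    """
    if len(icmp) < 8 + 20 + 8 or icmp[0] != ICMP_SOURCE_QUENCH or icmp[1] != 0:
        return None
    inner = icmp[8:]                      # the quoted original datagram
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        return None
    quoted = {
        "proto": inner[9],
        "src": str(ipaddress.IPv4Address(inner[12:16])),
        "dst": str(ipaddress.IPv4Address(inner[16:20])),
    }
    quoted["sport"], quoted["dport"] = struct.unpack("!HH", inner[ihl:ihl + 4])
    if quoted["proto"] == IPPROTO_TCP:
        quoted["seq"] = struct.unpack("!I", inner[ihl + 4:ihl + 8])[0]
    return quoted


def validate_source_quench(icmp, connections):
    """Decide whether a received Source Quench should be acted on.

    `connections` maps (proto, local_ip, local_port, remote_ip, remote_port) to
    (snd_una, snd_nxt) for TCP: the range of sequence numbers still unacknowledged.
    The quoted datagram is one *we* sent, so its source address is our own.
    Returns (accepted, reason).
    """
    quoted = parse_source_quench(icmp)
    if quoted is None:
        return False, "malformed or not a Source Quench"
    key = (quoted["proto"], quoted["src"], quoted["sport"], quoted["dst"], quoted["dport"])
    if key not in connections:
        return False, "quotes a connection this host does not have"
    if quoted["proto"] == IPPROTO_TCP:
        snd_una, snd_nxt = connections[key]
        in_flight = (snd_nxt - snd_una) % SEQ_MODULUS       # bytes sent but unacked
        offset = (quoted["seq"] - snd_una) % SEQ_MODULUS    # wrap-safe distance from snd_una
        if offset >= in_flight:
            return False, "sequence number is not among the bytes in flight"
    return True, "matches an open connection"


def demo():
    """Run the validator over constructed messages; addresses are from the
    TEST-NET ranges and the connection table is made up for this example."""
    connections = {
        (IPPROTO_TCP, "192.0.2.10", 443, "198.51.100.7", 51234): (1000, 1500),
    }
    messages = {
        "genuine": build_source_quench("192.0.2.10", 443, "198.51.100.7", 51234, 1200),
        "unknown_peer": build_source_quench("192.0.2.10", 443, "203.0.113.9", 40000, 1200),
        "stale_seq": build_source_quench("192.0.2.10", 443, "198.51.100.7", 51234, 9999),
        "truncated": build_source_quench("192.0.2.10", 443, "198.51.100.7", 51234, 1200)[:20],
    }
    return {name: validate_source_quench(msg, connections) for name, msg in messages.items()}


if __name__ == "__main__":
    for name, (accepted, reason) in demo().items():
        print(f"{name:13s} {'accept' if accepted else 'reject'}: {reason}")
```

Only the first message passes; the other three are discarded because they quote a peer we are not talking to, a sequence number outside the send window, or no transport header at all. A sender who cannot observe the host's traffic has to guess all of those, which is the point of the check; since an SQ only slows a sender temporarily, a discarded genuine message costs little.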
This archive was generated by hypermail 2b29 : Mon Jan 28 2002 - 09:12:20 EST