> From: Joe Touch <touch@ISI.EDU>
> To: Erik Nordmark <Erik.Nordmark@eng.sun.com>
> > This doesn't list what I thought was an obvious issue.
> > If multiple nodes are originating packets with the same source
> > IP address it will be rather hard for them to ensure the required
> > uniqueness on the IP ID field (unique for the combination
> > of source IP, destination IP and protocol).
> >
> > I suspect that most of boxes that play these games don't worry about
> > IP ID which might cause garbage reassembly should the same
> > IP ID be used when multiple such boxes are sending to the same IP address.
>
> Good point.
>
> I suspect they ignore the issue because of how they demux to multiple
> boxes; if the demux is by a hash of source IP address, then there's no
> need for coordination thereafter.
That's ok for the redirected ISP customers and the box itself, but
what about the distant server that is getting less than half of the
(addr, port, addr, port) 4-tuple? I thought the point was that
the distant SMTP or HTTP server would be getting second or later
IP fragments with colliding IP IDs, identical source (proxy's)
and destination (server's) IP addresses, and so with no clue which
IP fragments belong to which stream.
> I'll certainly add that to the list. There's a corollary at the TCP
> level, of port reuse, etc.
Is that a sign of good things happening to the document?
I've been hoping to see some activity in the WREC list about either the
hijacking--uh--redirecting proxy hazards document or the NECP document.
Is something happening behind the scenes? If so, please forget
I asked.
Vernon Schryver vjs@rhyolite.com
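The garbage-reassembly hazard Erik and Vernon describe, as an added example that is not from the thread: a toy IPv4 reassembler keyed on (src, dst, proto, id) as RFC 791 specifies, fed fragments from two proxy boxes behind one address that independently chose the same IP ID. All addresses, IDs and payloads are constructed; the reassembler also counts fragments that land on an already-filled offset with different data, one symptom a receiving host could log.

```python
from dataclasses import dataclass

@dataclass
class Frag:
    src: str
    dst: str
    proto: int
    ident: int     # 16-bit IP ID
    offset: int    # fragment offset in bytes
    more: bool     # MF flag
    data: bytes

def reassemble(frags):
    """Group fragments by the RFC 791 key (src, dst, proto, id).
    Returns (completed datagrams, number of overlapping-offset
    fragments whose data differed, i.e. visible collisions)."""
    buckets, collisions = {}, 0
    for f in frags:
        key = (f.src, f.dst, f.proto, f.ident)
        b = buckets.setdefault(key, {"parts": {}, "total": None})
        old = b["parts"].get(f.offset)
        if old is not None and old != f.data:
            collisions += 1     # two datagrams share one key
        b["parts"][f.offset] = f.data   # later fragment wins
        if not f.more:
            b["total"] = f.offset + len(f.data)
    done = {}
    for key, b in buckets.items():
        if b["total"] is None:
            continue
        out, pos = b"", 0
        for off in sorted(b["parts"]):
            if off != pos:
                break               # hole: still incomplete
            out += b["parts"][off]
            pos += len(b["parts"][off])
        if pos == b["total"]:
            done[key] = out
    return done, collisions

# Constructed: two proxy boxes sharing 192.0.2.1 each fragment one
# TCP segment to the same server and both happen to pick IP ID 7.
SRC, DST = "192.0.2.1", "198.51.100.9"
BOX_A = [Frag(SRC, DST, 6, 7, 0, True, b"AAAAAAAA"),
         Frag(SRC, DST, 6, 7, 8, False, b"aaaa")]
BOX_B = [Frag(SRC, DST, 6, 7, 0, True, b"BBBBBBBB"),
         Frag(SRC, DST, 6, 7, 8, False, b"bbbb")]
def demo():
    # Deliver the fragments interleaved, as a network might.
    return reassemble([BOX_A[0], BOX_B[0], BOX_B[1], BOX_A[1]])
```

With the two boxes' fragments interleaved, the server "completes" a single datagram made of B's head and A's tail, which is exactly the mixed-stream garbage the thread warns about.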
This archive was generated by hypermail 2b29 : Thu Nov 18 2004 - 11:21:28 MST