[openib-general] InfiniBand EndPort Liveness and Responsiveness
James Lentini
jlentini at netapp.com
Thu Jul 28 11:34:29 PDT 2005
On Wed, 27 Jul 2005, Hal Rosenstock wrote:
> On Wed, 2005-07-27 at 09:54, James Lentini wrote:
>> Being able to debug connectivity problems at the IB level strikes me
>> as very useful. Perhaps some people expect to always use IPoIB on
>> their IB network, and therefore plan to use IP tools. Even in these
>> configurations, native IB protocols would be useful if IPoIB wasn't
>> working.
>
> Right; IPoIB relies on more working (multicasting, etc.) than this
> proposal does.
>
>> It looks like you modeled the ECHO and TIMESTAMP formats after their
>> ICMP counterparts.
>
> Yes.
>
>> The TIMESTAMP type appears to have been dropped from ICMPv6. Do you know why?
>
> No but it sounds like it might be relevant. The only thing I saw were
> some comments related to security and replay attacks. Not sure if that
> was the reason it was eliminated from ICMPv6.
I found several referencess like this one with Google:
http://www.nessus.org/plugins/index.php?view=single&id=10114
The remote host answers to an ICMP timestamp request. This
allows an attacker to know the date which is set on your machine.
This may help him to defeat all your time based authentication
protocols.
Solution : filter out the ICMP timestamp requests (13), and the
outgoing ICMP timestamp replies (14).
Given that, I'd recommend removing it.
More information about the general
mailing list