ICMP Unreachable

Thomas Narten narten@raleigh.ibm.com
Wed, 20 Jan 1999 12:34:35 -0500


> > It might not be a big problem for most people, but in the IPv4 used today
> > any person can disconnect almost any connection with little or no knowledge
> > using ICMP unreachable attacks.
> > 
> > I was woundering if this was fixed in IPv6, or if the "problem" will
> > persist.

> This problem is largely due to shortcomings in TCP implementations
> which are independent of IPv4 vs. IPv6.  However, since IPv6 requires
> implementors to make at least some minor changes to TCP code (to
> deal with bigger addresses and changed pseudo-header), it would be
> nice if implementors used the occasion to also fix their TCPs' behavior
> in response to ICMP error message (in particular, changing them to
> treat most ICMP errors as transient rather than fatal).

Indeed, this has been a known problem for quite some time. RFC 1122
specifically says:

>             o    Destination Unreachable -- codes 0, 1, 5
> 
>                  Since these Unreachable messages indicate soft error
>                  conditions, TCP MUST NOT abort the connection, and it
>                  SHOULD make the information available to the
>                  application.

Which recent stacks still don't follow this recommendation? I thought
this problem had been largely fixed.

Thomas