
RE: Multihoming by IP Layer Address Rewriting (MILAR)



> From: Iljitsch van Beijnum [mailto:iljitsch@muada.com]
> 
> On Tue, 4 Sep 2001, Christian Huitema wrote:
> 
> > There is no dependency between connectivity and the DNS, and there
> > should not be. A multi-homing solution that depends on the DNS is a
> > non-starter.
> 
> Are you saying that if there is a good way to implement multihoming
> that requires a globally distributed hierarchical database system, we
> should create a new one?

Well, you should first prove that we actually need a globally
distributed hierarchical database. I don't think so. We start with the
assumption that hosts have multiple addresses, but that the
corresponding host only knows one of them. The obvious solution is to
have the peers use the address they know to learn the addresses they
don't. Using a third party as a server is a tortuous way to solve the
problem. There are indeed security issues, and we need to address them.
So far, I see at least two security issues:

1) Spoofing. Alice speaks to Bob at address B; Eve somehow convinces
Alice to send packets at address E.

2) DoS. Eve speaks to Bob, then convinces Bob to send packets to
Carroll, an unsuspecting third party. Carroll receives a DoS attack that
cannot be traced to Eve.

Note that the server approach may solve spoofing, but does not solve the
DoS attack -- Eve could just as well put Carroll's address in her server
entry. Also note that there are many ways to solve spoofing.

-- Christian Huitema
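The two issues listed in the message, played out in a small model. This is an added example, not MILAR's protocol and not code from the thread's authors: hosts, addresses (A, B, E, C) and session keys are constructed, and the two countermeasures are assumptions chosen for illustration, a keyed (HMAC) address update, standing in for one of the "many ways to solve spoofing", and a nonce probe to the claimed new address before any traffic is redirected there. Each attack is run with and without each check so the outcome can be compared.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    kind: str  # "data", "update", "probe" or "probe-ack"
    body: str = ""


class Network:
    """Constructed in-memory network: one host per address, plus a delivery log."""

    def __init__(self):
        self.hosts, self.log = {}, []

    def attach(self, host):
        self.hosts[host.addr] = host

    def send(self, pkt):
        self.log.append(pkt)
        if pkt.dst in self.hosts:
            self.hosts[pkt.dst].receive(pkt)

    def delivered(self, src, dst):
        """Count of data packets sent from address src to address dst."""
        return sum(1 for p in self.log if p.kind == "data" and (p.src, p.dst) == (src, dst))


def update_tag(key, claimed, new_addr):
    # HMAC over (peer name, new address) under the peers' session key; keying the
    # update is assumed here as one possible answer to the spoofing issue.
    return hmac.new(key, f"{claimed}|{new_addr}".encode(), hashlib.sha256).hexdigest()


class Host:
    def __init__(self, name, net, addr, *, verify_mac, probe):
        self.name, self.net, self.addr = name, net, addr
        self.verify_mac, self.probe = verify_mac, probe
        self.peer_addr = {}     # peer name -> address we currently send to
        self.keys = {}          # peer name -> session key (assumed pre-shared)
        self.pending = {}       # probe nonce -> (peer name, candidate address)
        self.announced = set()  # addresses this host itself claimed to move to

    def pair(self, peer, addr, key):
        self.peer_addr[peer], self.keys[peer] = addr, key

    def send_data(self, peer, text):
        self.net.send(Packet(self.addr, self.peer_addr[peer], "data", text))

    def send_update(self, to_addr, claimed, new_addr, key):
        """Announce 'claimed is now at new_addr'. An honest host uses its own name
        and key; an attacker can put anything here."""
        self.announced.add(new_addr)
        tag = update_tag(key, claimed, new_addr)
        self.net.send(Packet(self.addr, to_addr, "update", f"{claimed}|{new_addr}|{tag}"))

    def receive(self, pkt):
        if pkt.kind == "update":
            claimed, new_addr, tag = pkt.body.split("|")
            if self.verify_mac:
                key = self.keys.get(claimed)
                if key is None or not hmac.compare_digest(tag, update_tag(key, claimed, new_addr)):
                    return  # unknown peer or forged tag: drop the update
            if self.probe:
                nonce = secrets.token_hex(8)
                self.pending[nonce] = (claimed, new_addr)
                self.net.send(Packet(self.addr, new_addr, "probe", nonce))
            else:
                self.peer_addr[claimed] = new_addr  # trust the claim outright
        elif pkt.kind == "probe":
            # Only a host that announced this address echoes the nonce; an
            # unsuspecting third party has no reason to answer.
            if pkt.dst in self.announced:
                self.net.send(Packet(self.addr, pkt.src, "probe-ack", pkt.body))
        elif pkt.kind == "probe-ack":
            entry = self.pending.pop(pkt.body, None)
            if entry is not None and entry[1] == pkt.src:
                self.peer_addr[entry[0]] = entry[1]


def run(verify_mac, probe):
    """Play both attacks from the message against hosts with the given checks.
    Returns (data packets Alice sent to Eve's address, data packets Bob sent to Carroll's)."""
    net = Network()
    hosts = {n: Host(n, net, a, verify_mac=verify_mac, probe=probe)
             for n, a in [("alice", "A"), ("bob", "B"), ("eve", "E"), ("carroll", "C")]}
    for h in hosts.values():
        net.attach(h)
    alice, bob, eve = hosts["alice"], hosts["bob"], hosts["eve"]
    key_ab, key_eb = b"constructed-key-alice-bob", b"constructed-key-eve-bob"
    alice.pair("bob", "B", key_ab); bob.pair("alice", "A", key_ab)
    eve.pair("bob", "B", key_eb);   bob.pair("eve", "E", key_eb)

    # 1) Spoofing: Eve tells Alice that Bob moved to E, without Bob's key.
    eve.send_update("A", claimed="bob", new_addr="E", key=b"guess")
    alice.send_data("bob", "hello bob")

    # 2) DoS: Eve, in her own legitimate session, tells Bob she moved to Carroll's C.
    eve.send_update("B", claimed="eve", new_addr="C", key=key_eb)
    bob.send_data("eve", "large reply")

    return net.delivered("A", "E"), net.delivered("B", "C")


if __name__ == "__main__":
    for flags in [(False, False), (True, False), (False, True), (True, True)]:
        print("verify_mac=%s probe=%s -> alice->E=%d, bob->C=%d" % (*flags, *run(*flags)))
```

The keyed update stops attack 1 but does nothing for attack 2, because Eve signs her bogus new address with her own perfectly valid key; that is the same gap the message points out for the server approach. The probe stops attack 2, since Carroll never echoes the nonce, but on its own does not stop attack 1, because Eve is reachable at E and happily answers. Only the combination leaves both counters at zero.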