RE: Multihoming by IP Layer Address Rewriting (MILAR)

[Pekka Savola <pekkas@netcore.fi>]

On Tue, 4 Sep 2001, Christian Huitema wrote:
> Well, you should first prove that we actually need a globally
> distributed hierarchical database. I don't think so. We start with the
> assumption that hosts have multiple addresses, but that the
> corresponding host only knows one of them. The obvious solution is to
> have the peers use the address they know to learn the addresses they
> don't. Using a third party as a server is a tortuous way to solve the
> problem. There are indeed security issues, and we need to address them.
> So far, I see at least two security issues:
>
> 1) Spoofing. Alice speaks to Bob at address B; Eve somehow convinces
> Alice to send packets at address E.
>
> 2) DoS. Eve speaks to Bob, then convinces Bob to send packets to
> Carroll, an unsuspecting third party. Carroll receives a DoS attack that
> cannot be traced to Eve.

2) is a very difficult problem to solve at all.  As are many DoS problems.

Only way I can see this happening is that Bob here would have some
security checks in the implementation.

At the moment I see a couple of different approaches:

- checking the correlation of the last 80 bits of the IPv6 addresses.
This would limits the usability pretty much though, and still wouldn't be
foolproof.

- checking in the DNS/... that the new address "Carroll", _in turn_ also
mentions "Eve" as its secondary address; you have to keep the data in some
_external_ database, to avoid the DoS.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords