
Re: The cost of crypto in end-host multi-homing (was Re: The state of IPv6 multihoming development)



> >   b) once the primary address becomes unreachable, the hosts check,
> >      using some simple and cheap crypto, that it is the same host
> >      answering at the secondary address, *before* sending any larger
> >      amounts of data to that secondary address.
> Why do all this checking? Just assume the host is interested in the
> traffic until it tells you otherwise.
Remember that maybe there is no host there.  Maybe the target is
to flood a network.  In IPv6 it is fairly easy to select an empty
address, in fact probably easier than to pick an existing host.

> For TCP apps, you're pretty much
> guaranteed to be in slow start anyway, so there wouldn't be much
> flooding.
In TCP the attacker can anticipate what you send and send
you faked acks, probably even trick you into sending data at a
much faster rate than you otherwise would.

The checking just takes one round trip, and you can even
piggyback your regular data.

> If the host at the new address doesn't want the traffic, there should be
> a way for it to make the sender stop without relying on transport
> mechanisms such as TCP RSTs. It would be good if the host at the new
> address receives the IP address from which all of this was initiated so
> an attacker can be traced easily.
I agree with the value of sending the initial address.  However,
we must remember that maybe there is no host in the first place,
and at the time when the local router knows this for sure, it
may already be too late: the router may be completely flooded
with all those extra streams, maybe even each targeted at a
different address.

> > The essence: You *have* to check that it is the *same* host that
> > is answering at the secondary address *before* you send any larger
> > amounts of data to that address.
> Why? If this address was presented as a valid secondary address
> (assuming this is done in a way that is reasonably secure) AND the host
> at the new address accepts the traffic, what's the problem?
Once more:  The attacker selects an address that has no host on
it, with the goal of flooding the network.  It will take some
time for the end-router to notice (through ND) that there is no
host at that address.  The attacker can send acks to the TCP
segments, since it knows the sequence numbers and most probably
can anticipate the traffic pattern.  When the end-router is
ready to send ICMP host unreachable, it is already too late since
it will be flooded.

Paying the price of delaying some packets and calculating
one hash (or something equivalent) isn't that high.

--Pekka Nikander
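
As an added illustration (not part of Pekka's message, nor code from any of the multihoming proposals under discussion), the toy below models the two policies argued over above: "assume the host is interested until it tells you otherwise" versus "check with one round trip before sending bulk data". It assumes the two hosts share a secret established over the primary address, which the thread does not specify, and uses an HMAC over a fresh nonce and the new address as the "simple and cheap crypto"; the Peer and FloodAttacker classes and the segment size are constructed for the example.

```python
import hashlib
import hmac
import secrets

SEGMENT = 1000  # bytes per segment in this toy; constructed, not from the thread


class Peer:
    """The genuine peer.  It answers only at addresses it really owns and
    holds the key shared with the sender (assumed to come from the initial
    exchange over the primary address)."""

    def __init__(self, addresses, key):
        self.addresses = set(addresses)
        self.key = key

    def respond(self, addr, nonce):
        if addr not in self.addresses:
            return None  # nothing is listening there: silence
        # Bind the tag to the address as well as the nonce, so an answer
        # obtained for one address cannot be replayed for another.
        return hmac.new(self.key, b"addr-check" + addr + nonce,
                        hashlib.sha256).digest()

    def ack(self, addr, seq):
        return seq if addr in self.addresses else None


class FloodAttacker:
    """Attacker who nominated an empty address and, knowing the sequence
    numbers, forges acks for every segment.  It has no key."""

    def respond(self, addr, nonce):
        # Can answer with something, but cannot compute a valid tag.
        return secrets.token_bytes(32)

    def ack(self, addr, seq):
        return seq  # acks everything, whether or not a host is there


def verify_secondary(key, responder, new_addr):
    """One round trip: fresh nonce out, tag back, constant-time compare."""
    nonce = secrets.token_bytes(16)
    reply = responder.respond(new_addr, nonce)
    if reply is None:
        return False
    expected = hmac.new(key, b"addr-check" + new_addr + nonce,
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, reply)


def send_after_failover(key, responder, new_addr, total, check):
    """Return the number of bytes the sender puts on the wire toward new_addr.

    check=False: keep sending as long as acks come back.
    check=True:  at most one segment (piggybacked on the challenge) leaves
                 before the tag has been verified; on failure, stop.
    """
    sent = 0
    if check:
        sent = min(SEGMENT, total)  # regular data rides along with the check
        if not verify_secondary(key, responder, new_addr):
            return sent             # not the same host: stop here
    remaining = total - sent
    while remaining > 0:
        chunk = min(SEGMENT, remaining)
        sent += chunk
        remaining -= chunk
        if responder.ack(new_addr, sent) is None:
            break                   # no ack at all: give up
    return sent
```

Against the forged-ack attacker the unchecked sender streams the whole transfer to the empty address, while the checked sender sends exactly one piggybacked segment and stops; against the genuine peer the check costs one round trip and nothing else.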