[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: multi-addressing review (was:RE: New multiaddressing review and new MAST draft)
> -----Mensaje original-----
> De: Dave Crocker [mailto:dhc@dcrocker.net]
> Enviado el: miercoles, 17 de septiembre de 2003 15:14
> Para: marcelo bagnulo
> CC: multi6@ops.ietf.org; mbagnulo@ing.uc3m.es
> Asunto: Re: multi-addressing review (was:RE: New multiaddressing review
> and new MAST draft)
>
>
> marcelo,
>
> mb> The only considered threat is connection hijacking. I guess
> there much other
> mb> issues to consider.
>
> Thank you for raising this point. I'll start by commenting that
> I expected
> folks to take exception with the paper, on this matter, and that
> I think it is
> extremely important to have consensus about the security issues
> that need to
> be covered for multiaddressing.
>
> I took an extreme position, in the paper, because I think we need
> to make sure
> that the number and type of security issues are kept to the bare minimum
> necessary.
>
> The key question is: What are security issues are created by
> multiaddressing and alter the existing IP security?
>
Right.
I think that there are other people in the list who can provide a so much
better answer to this question than me...
Anyway, Tony Li's design team has promised a security analysis from a great
expert, so we are waiting.
>
> mb> However, it is also important to consider the
> mb> new threats that the adoption of multi-addressing mechanisms
> means for other
> mb> hosts in the internet (for instance non-mobile, non multi-homed hosts)
> mb> For instance, flooding attacks, dos attacks.
>
> However, existing IP is subject to these attacks, is it not?
>
I think so, but we have to make sure that deploying a multi-addressing
solution just don't enable more of them.
For instance, suppose that you have no security at all and you enable to
send BU to move a connection from an ip address to another.
You can create a flooding attack by just initiating a communication with a
streaming server and then just move to the target host (you can find a
better explanation in section 3.2.1 basic flooding of the ro sec draft)
>
> mb> Other type of attacks should also be considered such as time shifting
> mb> attacks.
>
> What is a "time shifting attack"?
>
In current ipv4, if an attacker wnats to pretend to be at a given ip address
(steal the address, impersonate, whatever), the attacker must be on place,
intercepting the packets in order to receive them.
However, if you enable something such as BU that allows you to say to the
other node that from now on he must send packets to an alternative address
(i.e. and alternative location), the attacker can divert the traffic to a
more confortable location for him. So the attacker is not required to be on
place during the complete period of the attack. Or in other words, the
attacker can leave the location where it intercepts the packets and still
perform the attack. (Again a much better explanation of this can be found in
the ro sec document section 4.3 Quick expiration of the BCE and section 5.1
Time Shifting attacks)
Regards, marcelo
>
> d/
> --
> Dave Crocker <dcrocker-at-brandenburg-dot-com>
> Brandenburg InternetWorking <www.brandenburg.com>
> Sunnyvale, CA USA <tel:+1.408.246.8253>
>