
Re: multi6-threats-00.txt vs. MIPv6 - different strength verifications?



> > Yes, but a weak verification can be converted to a strong verification
> > at any time by invoking the strong verification mechanism (be it DNS
> > or CBID-based).
> 
> Why not go for the strong stuff immediately?

Because it is likely to be more expensive; for CBID schemes you'd need
a public key challenge response (signing by the peer, verification at your end)
and for DNS schemes like NOID you'd need at least a reverse lookup of the new
locator. If the new locator is from a previously unused ISP, DNS caches might
not help and if DNSsec is used this implies verifying at least 3 (or it is 6
with delegation signer?) since there are likely to be 3 new delegations to
find the previously unused ip6.arpa entry.

Hence I think it is useful to explore different weak schemes that
defer stronger verification until it is actually needed (for instance,
until the peer rehomes to different locators).

> Wireless networks are a good example. Many switches provide monitoring 
> capabilities and fibers are not that hard to sniff. So someone with 
> physical access can look at the traffic with relative ease. However, in 
> order to block selected packets the attacker needs to redirect traffic 
> or install equipment in the middle. I suppose that's doable on wireless 
> lans but not so much when tapping into existing monitoring 
> capabilities.

ARP/ND spoofing works well for any LAN I suspect.
Hadn't thought about using monitoring capabilities.
Do these require physical access, or can they be exploited remotely
due to poor access control in the switches?
If the attacker has physical access I don't know if there
is that much difference between installing some inductive coupling on
a wire and installing a box on that wire.
Remember that we assume that security sensitive traffic secures its payload
(IPsec, TLS, etc) thus for that traffic the worst attack is a DoS. And an
attacker with physical access can accomplish a DoS by just cutting the wire.

Granted that there is a slight difference between cutting a wire
and selectively redirecting a single connection/host-pair communication
to a black hole; the former is much more likely to be detected and promptly
repaired.

    Erik