
RE: additional attack for multi6 threat draft?



> > Well, this is not strictly related with MiTM attack, but with
> > redirection for future usage, let me try to explain.
>
> X on the same shared link as A is a specific form of MITM.
>
> > If ip addresses are used as identifiers (as in the case of mip), return
> > routability can be used to verify the identity.
> > the problem in this case, is that the attacker can play as a MITM for a
> > *limited* period of time and manage to beat the verification
> > mechanism as long as the acquired authorization information is valid.
>
> Yes, it is a MITM.

In THIS case, it is MiTM for a limited period of time. (Please note the
difference between an attack that requires MiTM during the complete attack
and an attack that only requires MiTM during a short period of time,
allowing the attack to go on after the attacker is no longer a MiTM.)

But in other cases, you may not even need to be a MiTM, for instance if you
don't do any type of verification of the identity. In this case you don't
even have to intercept packets. This would apply, for instance, to the
delayed set-up. Suppose that we are using the delayed setup model. I send my
id and my locator without any verification and I end the communication
before the verification is performed. Then what happens to the state binding
the identifier and the locator? If this state is preserved, the
correspondent node may use it when establishing communication with the
identifier previously used (but not verified). So in order to prevent this,
the state should not be used for other communications.

OTOH, I really don't see how a MiTM can steal an identity when you are using
SIM, for instance. I mean, the identity is the hash of the public key, so
the only way to fake the identity would be to be capable of generating the
private key... so I don't see how the MiTM could ever do this?


>
> As a MITM, an attacker can, for example, contaminate DNS cache for
> persistent effect.
>

Well, there is a little difference here...

As I mentioned, in the case that I am considering it is the attacker who
decides when the state is generated in the victim, so the attacker can
choose the moment that is easiest for him to do this.
In the DNS case, the attacker has to wait for the DNS query and intercept
it. So the attacker doesn't select the moment of the attack; it has to wait
for the right moment.

regards, marcelo
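As an added example (not part of this thread or any multi6 draft), a small Python model of the mitigation described above: a correspondent node keeps the announced identifier/locator state, but never uses an unverified binding to start a new communication, and it also expires verified bindings so that a verification obtained during a short MiTM window does not stay usable indefinitely. The class, method and locator names are hypothetical and the scenario data is constructed.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Binding:
    locator: str
    verified: bool = False
    verified_at: Optional[float] = None   # None until verification completes


class BindingCache:
    """Correspondent node's identifier -> locator state (hypothetical names)."""

    def __init__(self, lifetime: float):
        self.lifetime = lifetime              # seconds a verified binding stays usable
        self._bindings: Dict[str, Binding] = {}

    def announce(self, identifier: str, locator: str) -> None:
        """Peer claims identifier is reachable at locator; nothing proven yet."""
        self._bindings[identifier] = Binding(locator)

    def mark_verified(self, identifier: str, now: float) -> None:
        """Call only once the verification exchange has actually completed."""
        b = self._bindings[identifier]
        self._bindings[identifier] = Binding(b.locator, True, now)

    def locator_for_new_session(self, identifier: str, now: float) -> Optional[str]:
        """Locator usable to initiate traffic to identifier, or None."""
        b = self._bindings.get(identifier)
        if b is None or not b.verified:
            return None                       # unverified state is never reused
        if now - b.verified_at > self.lifetime:
            del self._bindings[identifier]    # verification too old: drop it
            return None
        return b.locator


def delayed_setup_scenario() -> Tuple[Optional[str], Optional[str], Optional[str]]:
    """Constructed scenario: one peer leaves before verification, one completes it."""
    cache = BindingCache(lifetime=60.0)
    cache.announce("ID-unverified", "loc-x")   # announced, then communication ends
    cache.announce("ID-honest", "loc-a")
    cache.mark_verified("ID-honest", now=2.0)
    reuse_unverified = cache.locator_for_new_session("ID-unverified", now=10.0)
    reuse_verified = cache.locator_for_new_session("ID-honest", now=10.0)
    reuse_expired = cache.locator_for_new_session("ID-honest", now=100.0)
    return reuse_unverified, reuse_verified, reuse_expired
```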