Re: threats ID
Marcelo;
> IMHO both drafts complement each other pretty well because Erik & Tony's
> draft essentially analyzes the threats from an IP layer perspective and
> Masataka's draft analyzes the threats from a transport layer perspective.

The problem for Erik and Tony, then, is that the IP layer of
multi6 is no different from the current one.

> After some mail exchanges with Pekka N., my understanding is that there
> is an important distinction to be made between these two cases when
> considering the hijacking attack.

Good.

Can you answer the following simple question?

What, do you think, is being hijacked?

Connections?

Note that, unless you extensively modify the IP layer, there are no
connections there.

> The point is that in transport layer
> solutions, the hijack attack is limited to the existing established
> connection while in the IP layer (shim layer also) solutions the attack
> applies to the complete endnode.

Wrong. The attack is always applied to the end.

> Because the attack applies to the endnode,
> the attacker can do things like establishing a connection creating some state
> so that future communications initiated by the victim are also redirected.

Establishing a connection is a functionality of the transport
layer.

> That is, in IP layer solutions the complete identity of the victim

There are no IP layer solutions.

Just like NAT operates not only at the IP layer but also at the
transport and application layers, shim layers are not only at
the IP layer.

> So I guess that I agree with Masataka that a return routability check with a
> cookie is enough to redirect a connection but IMHO this is not enough to
> redirect a complete identity at the IP layer level.
> I mean time shifting attacks may be acceptable as long as they can only affect
> a connection.

"Time shifting attack" is meaningful only if there is a persistent
relationship, that is, a connection, which is not at the
connectionless layer.
Masataka Ohta