
Re: threats ID



Pekka Nikander;

After some mail exchanges with Pekka N., my understanding is that there
is an important distinction to be made between these two cases when
considering the hijacking attack. The point is that in transport layer
solutions, the hijack attack is limited to the existing established
connection, while in the IP layer (shim layer also) solutions the attack
applies to the complete endnode.


Thank you. A very good explanation.

This also relates somewhat to performance. If you have per-connection state,

You always have per-connection state, though a half-established connection may have state only at one end, for example, as a protection against TCP SYN flood.

If you
have per-host state, then you create the state on first connection, and
then share it with the other ones that are created during the lifetime
of the state.

Some applications, such as DNS, may have per-host state.


However, the IP layer does not have any state of a connection, because
it is connectionless. The state of a MIP binding is not of a connection
but of a binding between two addresses of a single end.

Several connections may share states, though it introduces new
security threats without any meaningful benefit.

In my opinion, many of the shim approaches
do create a kind of a new layer, say layer 3.5, which contains a per-host
state, potentially shared by multiple transport layer connections.

All the shim layers work at least at layer 4, so there is no point in saying layer 3.5.

They depend on layer 4 details such as how TCP calculates its
checksum. MTU change creates another dependency with layer 4 and above.

Masataka Ohta