
Re: Ever onward



To be fair it's not that big a deal to add <steal-lock>. The issue will be that <steal-lock> itself introduces a set of attacks that would need to be defended against. Its mere existence would force some sort of non-default authorization so that only a super-root could use it. Otherwise, the attack is as follows:

Break into an account (any account with access privileges).
Steal everyone's locks.
Continue doing this until you get tired or they are able to identify the offending account.


Eliot
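The authorization point made above, as an added illustration that is not part of the original message or of any NETCONF implementation: a toy model of a single global configuration lock with a hypothetical steal operation. The role name "super-root", the session ids and the audit format are all constructed for the example; the model gates the steal operation on role and keeps an audit trail so that an account repeatedly issuing it can be identified.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SUPER_ROOT = "super-root"  # assumed role name for the "only a super-root" rule


@dataclass
class LockManager:
    """Toy single global lock on the configuration datastore (constructed model)."""
    roles: Dict[str, str]                       # session id -> role (constructed)
    holder: Optional[str] = None
    audit: List[Tuple[str, str, str]] = field(default_factory=list)  # (session, op, result)

    def _record(self, session: str, op: str, result: str) -> bool:
        # Every operation, allowed or denied, lands in the audit trail.
        self.audit.append((session, op, result))
        return result == "ok"

    def lock(self, session: str) -> bool:
        # Free lock, or re-lock by the current holder: granted. Otherwise denied.
        if self.holder in (None, session):
            self.holder = session
            return self._record(session, "lock", "ok")
        return self._record(session, "lock", "lock-denied")

    def unlock(self, session: str) -> bool:
        if self.holder != session:
            return self._record(session, "unlock", "not-holder")
        self.holder = None
        return self._record(session, "unlock", "ok")

    def steal_lock(self, session: str) -> bool:
        # The authorization gate: without it, every account with access could
        # take the lock from anyone, which is the scenario described above.
        if self.roles.get(session) != SUPER_ROOT:
            return self._record(session, "steal-lock", "access-denied")
        self.holder = session
        return self._record(session, "steal-lock", "ok")


def repeated_steal_attempts(audit: List[Tuple[str, str, str]],
                            threshold: int = 3) -> Dict[str, int]:
    """Sessions that issued steal-lock at least `threshold` times, denied or not.

    This is the detection side: the audit trail is what lets the operator
    identify the offending account."""
    counts = Counter(session for session, op, _ in audit if op == "steal-lock")
    return {s: n for s, n in counts.items() if n >= threshold}


def demo():
    mgr = LockManager(roles={"ops1": "operator", "ops2": "operator", "admin": SUPER_ROOT})
    mgr.lock("ops1")                       # ops1 holds the global lock
    mgr.lock("ops2")                       # denied: lock held by ops1
    for _ in range(3):
        mgr.steal_lock("ops2")             # denied each time: not super-root
    mgr.steal_lock("admin")                # allowed: admin is super-root
    return mgr, repeated_steal_attempts(mgr.audit)


if __name__ == "__main__":
    manager, suspects = demo()
    print("lock holder:", manager.holder)          # admin
    print("repeat steal attempts:", suspects)      # {'ops2': 3}
    for entry in manager.audit:
        print(entry)
```

Running the block prints the final holder, the sessions flagged for repeated steal attempts, and the full audit trail. The point of the model is the two defensive controls together: the role check on the steal operation, and the audit trail that makes an account's repeated attempts visible.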

Wes Hardaker wrote:

On Wed, 04 Feb 2004 01:30:49 -0500, Phil Shafer <phil@juniper.net> said:


Phil> I don't see how this varies from battling for 'configure
Phil> exclusive' mode in JUNOS or 'enable' mode in IOS.

I can't say whether other architectures I haven't looked at
extensively have similar problems.  They may.


4) If you believe you can beat the race condition that has been
discussed, you should note that the attack could also involve a
DDoS attack against the management station, network, or router in
front of same.


Phil> The attack could also involve a forest fire or other natural
Phil> disaster, moving it into the realm of "unrealistic
Phil> scenario". ;^)

Yeah yeah, or...  an asteroid strike, or an alien invasion.  Huh?  Are
you just trying to move it into a realm of unrealistic?  Um, OK.
Interesting argument.

Phil> Global locks aid in both scenarios.  They are simple to understand.
Phil> They are simple to implement.  Nuff said?

I felt I should offer an explanation.  I'm not going to say any more
either.  When products come out and field this protocol, maybe someone
will write a white paper describing the attack and submit it to
bugtraq and we'll see if it gets used or not.  That's the best way to
determine if it's really a problem ;-)


-- to unsubscribe send a message to netconf-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/netconf/>