[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

re: [RRG] LISP gleaning looks insecure and therefore unusable

To: 'Robin Whittle' <rw@firstpr.com.au>, 'Routing Research Group' <rrg@psg.com>
Subject: re: [RRG] LISP gleaning looks insecure and therefore unusable
From: Xu Xiaohu <xuxh@huawei.com>
Date: Fri, 07 Mar 2008 15:30:54 +0100
Cc: 'Dino Farinacci' <dino@cisco.com>
In-reply-to: <47D1485F.8040903@firstpr.com.au>

> My main concern with gleaning is that it seems to be completely
> insecure.
> 
> An attacker could send a packet to R3 which is identical to the
> packet R3 gets from R1 in the above example, except that instead of
> the outer header's source address being that of R1, it is of the
> attacker's machine Bad1.

Exactly, but not just this security risk, the cache in ETR may also be
overwhelmed by a lot of host-granularity mapping entries which is triggered
by some attacker.

Best wishes,
Xiaohu XU



--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg

Follow-Ups:
- Re: [RRG] LISP gleaning looks insecure and therefore unusable
  - From: Robin Whittle <rw@firstpr.com.au>

References:
- [RRG] LISP gleaning looks insecure and therefore unusable
  - From: Robin Whittle <rw@firstpr.com.au>

Prev by Date: [RRG] LISP gleaning looks insecure and therefore unusable
Next by Date: Re: [RRG] LISP gleaning looks insecure and therefore unusable
Previous by thread: [RRG] LISP gleaning looks insecure and therefore unusable
Next by thread: Re: [RRG] LISP gleaning looks insecure and therefore unusable
Index(es):
- Date
- Thread