[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

re: [RRG] LISP gleaning looks insecure and therefore unusable



> My main concern with gleaning is that it seems to be completely
> insecure.
> 
> An attacker could send a packet to R3 which is identical to the
> packet R3 gets from R1 in the above example, except that instead of
> the outer header's source address being that of R1, it is of the
> attacker's machine Bad1.

Exactly, but not just this security risk, the cache in ETR may also be
overwhelmed by a lot of host-granularity mapping entries which is triggered
by some attacker.

Best wishes,
Xiaohu XU



--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg