[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RRG] LISP gleaning looks insecure and therefore unusable
Hello Xiaohu,
You wrote:
> Exactly, but not just this security risk, the cache in ETR may also be
> overwhelmed by a lot of host-granularity mapping entries which is triggered
> by some attacker.
Yes, this is an additional problem.
Resource depletion in ITRs due to DoS attacks is a concern, but normally
it only happens due to packets sent from inside the ITR's own network.
With this gleaning DoS attack, the attacker could be outside the ETR/ITR's
network. Each packet sent to the ETR in this encapsulated format would
cause it to chew up memory for one bogus EID -> RLOC gleaned mapping.
- Robin
--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg