
Re: [RRG] LISP gleaning looks insecure and therefore unusable



Hello Xiaohu,

You wrote:

> Exactly, but not just this security risk, the cache in ETR may also be
> overwhelmed by a lot of host-granularity mapping entries which are triggered
> by some attacker.

Yes, this is an additional problem.

Resource depletion in ITRs due to DoS attacks is a concern, but normally
it only happens due to packets sent from inside the ITR's own network.

With this gleaning DoS attack, the attacker could be outside the ETR/ITR's
network.  Each packet sent to the ETR in this encapsulated format would
cause it to chew up memory for one bogus EID -> RLOC gleaned mapping.

  - Robin

--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg
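
The memory growth described in the message above, modelled as an added example that is not part of the original thread: a toy ETR glean cache keyed by inner source EID, run once unbounded and once with a size cap. The class name, the cap of 1024 entries, the oldest-first eviction and all addresses are assumptions constructed for illustration; the cap is not something proposed in the message.

```python
from collections import OrderedDict
import ipaddress


class GleanCache:
    """Toy ETR cache of gleaned mappings: inner source EID -> outer source RLOC."""

    def __init__(self, max_entries=None):
        self.max_entries = max_entries   # None = unbounded, the case the message describes
        self.entries = OrderedDict()     # oldest entry first
        self.evicted = 0

    def glean(self, inner_src_eid, outer_src_rloc):
        if inner_src_eid in self.entries:
            # Known EID: refresh recency only (overwrite is not modelled here).
            self.entries.move_to_end(inner_src_eid)
            return
        if self.max_entries is not None and len(self.entries) >= self.max_entries:
            self.entries.popitem(last=False)   # drop the oldest mapping
            self.evicted += 1
        self.entries[inner_src_eid] = outer_src_rloc


def constructed_flood(n, rloc="192.0.2.66"):
    """Constructed sample input: n encapsulated packets, each with a new inner source EID."""
    base = int(ipaddress.IPv4Address("10.0.0.0"))
    for i in range(n):
        yield str(ipaddress.IPv4Address(base + i)), rloc


def run(max_entries, flood_size=5000):
    """Return (cache size, evictions, whether the legitimate mapping survived)."""
    cache = GleanCache(max_entries)
    cache.glean("198.51.100.10", "203.0.113.1")   # constructed legitimate flow
    for eid, rloc in constructed_flood(flood_size):
        cache.glean(eid, rloc)
    return len(cache.entries), cache.evicted, "198.51.100.10" in cache.entries


if __name__ == "__main__":
    print("unbounded:", run(None))    # one entry per bogus packet
    print("capped:   ", run(1024))    # memory bounded, legitimate entry evicted
```

The capped run shows the trade-off: memory stays bounded, but the flood pushes the legitimate gleaned mapping out of the cache.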