Re: [AVTCORE] [R-C] Fwd: I-D Action: draft-perkins-avtcore-rtp-circuit-breakers-00.txt
Harald Alvestrand <harald@alvestrand.no> Wed, 07 March 2012 09:22 UTC
Return-Path: <harald@alvestrand.no>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E1A2E21F8652 for <avt@ietfa.amsl.com>; Wed, 7 Mar 2012 01:22:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.14
X-Spam-Level:
X-Spam-Status: No, score=-110.14 tagged_above=-999 required=5 tests=[AWL=-0.141, BAYES_00=-2.599, J_CHICKENPOX_84=0.6, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GZW01IkZQT92 for <avt@ietfa.amsl.com>; Wed, 7 Mar 2012 01:22:11 -0800 (PST)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id 9111221F864F for <avt@ietf.org>; Wed, 7 Mar 2012 01:22:10 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 8114139E17B; Wed, 7 Mar 2012 10:22:09 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6ACtSBEP9aVg; Wed, 7 Mar 2012 10:22:09 +0100 (CET)
Received: from [192.168.11.193] (c213-89-143-9.bredband.comhem.se [213.89.143.9]) by eikenes.alvestrand.no (Postfix) with ESMTPS id C5E1F39E17A; Wed, 7 Mar 2012 10:22:08 +0100 (CET)
Message-ID: <4F5728C0.8040803@alvestrand.no>
Date: Wed, 07 Mar 2012 10:22:08 +0100
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
MIME-Version: 1.0
To: Varun Singh <vsingh.ietf@gmail.com>
References: <20120305201759.24406.49431.idtracker@ietfa.amsl.com> <766FE318-7DE3-4481-B3C4-C45F2A94C881@csperkins.org> <4F55C25A.9010407@alvestrand.no> <CAEbPqry_wqrj0AHL9cjtYbiDc3xwL_fUoAVg8U91Lo9rkMrFrA@mail.gmail.com> <4F55DE35.6060104@alvestrand.no> <CAEbPqrwmF_cGupn6dX0k_1=Vc+rfO8UJp9689WUEXeE_0ebjNQ@mail.gmail.com>
In-Reply-To: <CAEbPqrwmF_cGupn6dX0k_1=Vc+rfO8UJp9689WUEXeE_0ebjNQ@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Colin Perkins <csp@csperkins.org>, "avt@ietf.org WG" <avt@ietf.org>, rtp-congestion@alvestrand.no
Subject: Re: [AVTCORE] [R-C] Fwd: I-D Action: draft-perkins-avtcore-rtp-circuit-breakers-00.txt
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Mar 2012 09:22:12 -0000
On 03/06/2012 02:26 PM, Varun Singh wrote: > Hi Harald, > > Comment inline. > > On Tue, Mar 6, 2012 at 11:51, Harald Alvestrand<harald@alvestrand.no> wrote: >> On 03/06/2012 10:21 AM, Varun Singh wrote: >>>> Security considerations (missing section): For an end node that >>>> implements >>>> this specification, an active attacker can cut the transmission by faking >>>> two RTCP packets that get accepted instead of the recipient's RTCP >>>> packets. >>>> This may be worthy of a note, and pointer to appropriate defenses. >>> This is a valid attack. However, if we consider no early-feedback (the >>> draft currently only follows RFC3550 timing rules) then the attacker's >>> second fake report may be ignored by the sender because it is too >>> early. Meanwhile, the actual receiver may get to deliver its RTCP RR. >>> >>> >>> Example: >>> SR | | >>> | I >>> >>> -----------------------------------------------------------------------------------------------------------> >>> time >>> RR | F | F | >>> F F | >>> >>> | are valid SR and RR, F are Fake RTCPs (replaying the last valid RTCP >>> report). So, instead of waiting for 3 RTCP reports to arrive the >>> sender MUST wait two RTCP intervals? >> Yes, I think stating that the sender waits two RTCP intervals before drawing >> a conclusion is a reasonable defense against this version of the attack. >> >> Another interesting version is what happens if the attacker bumps up the >> "highest sequence number received" - the security considerations may want to >> say that RRs with a "highest sequence number received" larger than the >> highest sequence number sent MAY be part of an attack, so SHOULD be >> disregarded. > I am not sure if an endpoint reporting a HSN_received larger than the > HSN_sent trips any circuit breaker, but if the endpoint doesn't ignore > the report then the endpoint may reset its timeout counter. What could happen is this: Victim receiver:RTCP, HSN(low) Attacker: RTCP, HSN(high) Victim sender: OK, HSN is (high) Victim receiver:RTCP, HSN(low+some) Victim sender: Oops, HSN did not increase Victim receiver:RTCP, HSN(low+some+some) Victim sener: Oops, HSN did not increase for two RTCP intervals. Shut down. One-packet denial of service. If HSN is always verified against last-sent, and the report is discarded as erroneous if it is higher than last-sent, this attack cannot occur. > > A plan for action for the Security considerations can be to list the > values in the fake RTCP report that can trip a circuit breakers and > then see how the endpoint can detect or protect against that kind of > attack. > >> But of course, using SRTP on the RTCP channel is also an option for the >> defender; that allows the receiver to detect that the replays are replays, >> and discard them for that reason. > Yes. >
- Re: [AVTCORE] [R-C] Fwd: I-D Action: draft-perkin… Harald Alvestrand
- [AVTCORE] Fwd: I-D Action: draft-perkins-avtcore-… Colin Perkins
- Re: [AVTCORE] [R-C] Fwd: I-D Action: draft-perkin… Varun Singh
- Re: [AVTCORE] [R-C] Fwd: I-D Action: draft-perkin… Harald Alvestrand
- Re: [AVTCORE] [R-C] Fwd: I-D Action: draft-perkin… Varun Singh
- Re: [AVTCORE] [R-C] I-D Action: draft-perkins-avt… Colin Perkins
- [AVTCORE] rtp-circuit-breakers-00 when not using … James M. Polk
- Re: [AVTCORE] [R-C] Fwd: I-D Action: draft-perkin… Harald Alvestrand
- Re: [AVTCORE] [R-C] Fwd: I-D Action: draft-perkin… Colin Perkins
- Re: [AVTCORE] [R-C] Fwd: I-D Action: draft-perkin… Harald Alvestrand
- Re: [AVTCORE] I-D Action: draft-perkins-avtcore-r… Colin Perkins
- Re: [AVTCORE] [R-C] I-D Action: draft-perkins-avt… Varun Singh
- Re: [AVTCORE] Fwd: I-D Action: draft-perkins-avtc… Mark Handley
- Re: [AVTCORE] rtp-circuit-breakers-00 when not us… Colin Perkins