Re: [CGA-EXT] Hashed DAD

Iljitsch van Beijnum <iljitsch@muada.com> Thu, 28 February 2008 22:31 UTC

From: Iljitsch van Beijnum <iljitsch@muada.com>
To: Suresh Krishnan <suresh.krishnan@ericsson.com>
Date: Thu, 28 Feb 2008 23:31:05 +0100
Cc: cga-ext@ietf.org
Subject: Re: [CGA-EXT] Hashed DAD

On 28 Feb 2008, at 23:14, Suresh Krishnan wrote:

>> However, wouldn't the attack only work if M gets to monitor all multicast traffic? If M is required to set up MLD state for the multicast group that the NS goes to then a layer 2 device could limit the number of multicast groups that M can subscribe to and existing DAD wouldn't be susceptible to this attack.

> Depends on the link type. On an Ethernet link, it would be as easy as putting the interface in promiscuous mode.

That won't help you if the Ethernet switch doesn't forward the multicasts. Although the really cheap switches implement multicast simply by broadcasting them to all ports and the somewhat more expensive but still cheap switches don't support IGMP snooping (and we can reasonably assume that in the future, they won't support MLD snooping), in a managed environment having the switches do this is probably easier than a protocol-based solution.

However, on wireless links it's much harder to protect against stations simply receiving all multicasts.
_______________________________________________
CGA-EXT mailing list
CGA-EXT@ietf.org
https://www.ietf.org/mailman/listinfo/cga-ext
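The switch-side mitigation discussed in this thread, as an added illustration that is not code from the list or from any switch vendor: a toy layer-2 switch that either floods multicast to every port (the cheap-switch case) or, with MLD snooping and a per-port cap on joined groups, forwards a DAD Neighbor Solicitation only to ports that have joined the target's solicited-node group. Port names, the cap of four groups per port and the sample addresses are constructed for the example.

```python
"""Constructed model: MLD snooping with a per-port group cap limits which
ports see a DAD Neighbor Solicitation (example code, not from the thread)."""
import ipaddress

SOLICITED_NODE_PREFIX = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node_group(addr: str) -> ipaddress.IPv6Address:
    """RFC 4291 solicited-node multicast address ff02::1:ffXX:XXXX, built
    from the low 24 bits of the (tentative) unicast address the NS targets."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_PREFIX | low24)


class Switch:
    """Per-port multicast membership learned from MLD reports; the cap is
    the 'limit the number of groups M can subscribe to' knob from the thread."""

    def __init__(self, ports, snooping=True, max_groups_per_port=4):
        self.ports = list(ports)
        self.snooping = snooping
        self.cap = max_groups_per_port
        self.members = {p: set() for p in self.ports}

    def mld_report(self, port, group) -> bool:
        """Port asks to join `group`; refused once the port hit its cap."""
        joined = self.members[port]
        if group not in joined and len(joined) >= self.cap:
            return False
        joined.add(group)
        return True

    def deliver(self, ingress, group) -> set:
        """Egress ports for a multicast frame to `group` arriving on `ingress`."""
        if not self.snooping:
            # Cheap switch: multicast is simply flooded to every other port.
            return {p for p in self.ports if p != ingress}
        # Snooping switch: only ports that joined the group receive the frame.
        return {p for p in self.ports if p != ingress and group in self.members[p]}


def dad_observers(switch, ingress, tentative) -> set:
    """Ports that see the DAD NS a node on `ingress` sends for `tentative`."""
    return switch.deliver(ingress, solicited_node_group(tentative))
```

With snooping and the cap, a monitoring port can cover only a handful of the 2^24 possible solicited-node groups, so an NS for an address it did not already join is not delivered to it; without snooping every port sees every NS.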