Re: [CGA-EXT] Possible DoS attack to DAD in SEND ?

Alberto García <> Fri, 27 November 2009 10:36 UTC

From: Alberto García <>
To: "'Tony Cheneau'" <>
References: <BA2095E910AB454F9408A7EF7B249BD9@bombo> <alpine.LNX.2.00.0911262254210.11124@localhost.localdomain>
Date: Fri, 27 Nov 2009 11:36:10 +0100
Message-ID: <A0A0A57B32404C99887B1820AF5242DA@bombo>
In-Reply-To: <alpine.LNX.2.00.0911262254210.11124@localhost.localdomain>

Thanks, Tony

|  -----Original Message-----
|  From: Tony Cheneau []
|  Sent: Thursday, 26 November 2009 23:46
|  To: Alberto García
|  CC:
|  Subject: Re: [CGA-EXT] Possible DoS attack to DAD in SEND ?
|  Hello Alberto,
|  > I was wondering if the following is really an issue for SEND hosts
|  > DAD, and if it is worth to be protected (this arose when defining SAVI
|  > operation for SEND):
|  This is the attack I described to the list in this mail:
|  And then a thread (providing some other solutions):
|  > I don't see in RFC 3971 any countermeasure to this. Am I right?
|  The spec does not say how to counter this. However, in current
|  implementations, adding a fix seems pretty straightforward.
|  >
|  > Do you think this is a problem? If so, do you think it needs to be
|  IMHO, RFC 3971-bis should explicitly provide a solution to counter this
|  attack.


|  > A simple solution would be for the possible victim to discard received
|  > NSOLs for the same address that it has in tentative state that have the
|  > same <public key, nonce, timestamp> as the DAD NSOL that it had sent
|  > (the probability of a legitimate collision in which another host
|  > generates a DAD NSOL with the same public address, nonce and timestamp
|  > should be really low).
|  Just comparing the nonce value should suffice.
|  > For ND (unsecured), this case is also a problem, but for ND you can't
|  > tell by looking at a received DAD NSOL whether it is an attack or just a
|  > real collision (and this could also be an incentive to use SEND, of course).
|  Plain ND is not secure anyway.
|  Some scenarios use a network setup where each node is on a
|  different port of a switch. If the switch supports Multicast
|  Listener Discovery, the attacker will never receive the DAD NS
|  message to begin with. As stated in:
|  Hence, it will preclude the attack. Am I wrong?

I agree with you that MLD snooping protects against this problem, but I
don't think it is realistic to assume that this feature is available in all
switches. In addition, there are some broadcast scenarios in which a bad guy
could circumvent this assumption.
I think a solution in the SEND domain (not depending on other deployment
issues) would still be nice.

|  Regards,
|   	Tony
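The exchange above, as an added example that is not part of the thread or of any SEND implementation: a small model of a host running DAD, the replay of its own DAD NSOL that causes it to abandon the tentative address, and the nonce-based check Tony proposes (with Alberto's full <public key, nonce, timestamp> comparison layered on top). Class and field names, the addresses and the key placeholders are assumptions; SEND signature and CGA validation are assumed to have already succeeded on every received NSOL, which is exactly why the byte-for-byte replay gets through in the first place.

```python
# Added example (not code from the thread or any SEND implementation):
# a minimal model of a SEND host performing DAD, the replay attack the
# thread discusses, and the nonce-based discard rule.  Names are assumed;
# SEND signature/CGA checks are assumed to have passed on every NSOL.
import os
import time
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class DadNsol:
    """Fields of a DAD Neighbor Solicitation relevant to this check."""
    target: str        # tentative address being probed
    public_key: bytes  # CGA public key of the sender (opaque here)
    nonce: bytes       # SEND Nonce option
    timestamp: float   # SEND Timestamp option


class SendHost:
    """A host performing DAD on one tentative address."""

    def __init__(self, address: str, public_key: bytes, replay_check: bool = True):
        self.address = address
        self.public_key = public_key
        self.replay_check = replay_check
        self.state = "tentative"
        self.sent_nsol: Optional[DadNsol] = None

    def start_dad(self, now: Optional[float] = None) -> DadNsol:
        """Emit the DAD NSOL for the tentative address and remember it."""
        nonce = os.urandom(6)  # fresh random nonce, as SEND requires
        ts = time.time() if now is None else now
        self.sent_nsol = DadNsol(self.address, self.public_key, nonce, ts)
        return self.sent_nsol

    def is_own_replay(self, nsol: DadNsol) -> bool:
        """True if nsol is our own DAD NSOL reflected back at us.

        The nonce alone decides it (no other host could legitimately have
        drawn the same random value); the public key and timestamp are
        compared as well, which is the stricter tuple check from the thread.
        """
        sent = self.sent_nsol
        if sent is None:
            return False
        return (nsol.nonce == sent.nonce
                and nsol.public_key == sent.public_key
                and nsol.timestamp == sent.timestamp)

    def receive_nsol(self, nsol: DadNsol) -> str:
        """Process a received (already signature-verified) DAD NSOL."""
        if self.state != "tentative" or nsol.target != self.address:
            return "ignored"
        if self.replay_check and self.is_own_replay(nsol):
            return "discarded-replay"   # not a collision, keep the address
        # Plain DAD behaviour (RFC 4862): another node is probing the same
        # address, so the tentative address must be given up.
        self.state = "duplicate"
        return "address-abandoned"


def run_replay_attack(replay_check: bool) -> Tuple[str, str]:
    """Attacker captures the victim's DAD NSOL and replays it unchanged."""
    victim = SendHost("fe80::1", b"victim-key", replay_check)
    captured = victim.start_dad(now=1000.0)
    replayed = DadNsol(captured.target, captured.public_key,
                       captured.nonce, captured.timestamp)
    return victim.receive_nsol(replayed), victim.state


def run_legitimate_collision() -> Tuple[str, str]:
    """Two hosts really pick the same address; the check must not hide that."""
    victim = SendHost("fe80::1", b"victim-key", replay_check=True)
    victim.start_dad(now=1000.0)
    other = SendHost("fe80::1", b"other-key", replay_check=True)
    return victim.receive_nsol(other.start_dad(now=1000.0)), victim.state


if __name__ == "__main__":
    print("no check, replayed:   ", run_replay_attack(False))
    print("nonce check, replayed:", run_replay_attack(True))
    print("real collision:       ", run_legitimate_collision())
```

Without the check the victim abandons its address on seeing its own replayed NSOL; with it, the replay is discarded while a genuine collision (a different host, hence a different nonce) still makes the host give the address up, which is the behaviour DAD needs to preserve.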