Re: [Crisp] IRIS-LWZ and security issues due to spoofed sources
William Leibzon <william@completewhois.com> Mon, 27 February 2006 15:17 UTC
Date: Mon, 27 Feb 2006 09:06:21 -0800
From: William Leibzon <william@completewhois.com>
To: Andrew Newton <andy@hxr.us>
Subject: Re: [Crisp] IRIS-LWZ and security issues due to spoofed sources
Cc: Shane Kerr <shane@ripe.net>, CRISP WG <crisp@ietf.org>

On Mon, 27 Feb 2006, William Leibzon wrote:

> On Mon, 27 Feb 2006, Andrew Newton wrote:
>>
>> On Feb 27, 2006, at 8:08 AM, Shane Kerr wrote:
>>
>>> Since this is a general UDP problem, perhaps it makes sense to point to
>>> another document for this problem. Is there such a thing?
>>
>> That was gonna be my first question: just how do they mitigate this with
>> DNS? Or DHCP? Or anything else that uses UDP?
>
> They don't deal with it very well. But there are actually only few protocols
> to which it is applicable since most protocols that use UDP would do it for
> things like creating a data stream that is not subject to TCP retransmission.
> In those cases real transmission does not begin until response is received
> from originator - i.e. they simulate TCP in a way and do create a sort of
> a session before larger amount of data is sent.
>
> Where it is applicable is one-query request/response protocols which are
> only few (most use TCP) such as DNS and DHCP. For DHCP the solution is
> simply that DHCP servers only respond to requests from within local
> lan and not to whole world. For dns there is no good solution that
> everyone likes - hence current set of discussions on how to deal with
> this issue at operational mail lists.

Just so you know - in DNS the recursion is being used as a way to cause
the responder to send back large data where it would normally not have
done it (this is kind of poisoning), as there are only a few sites that
have large DNS records and are good amplification potential as-is [this
reminds me that I need to bring this issue up on DKIM, since it is going
to introduce large DNS records, which as I said many times is really not
a good thing to have].

---
William Leibzon
mailto: william@completewhois.com
Anti-Spam and Email Security Research Worksite:
  http://www.elan.net/~william/emailsecurity/
Whois & DNS Network Investigation Tools:
  http://www.completewhois.com
_______________________________________________
Crisp mailing list
Crisp@ietf.org
https://www1.ietf.org/mailman/listinfo/crisp
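
The quoted point that session-like UDP protocols "create a sort of a session before larger amount of data is sent" can also be applied to a one-query responder by using a stateless, address-bound cookie. The following is an added example, not part of the original message or of IRIS-LWZ; the wire format, the names `handle_datagram` and `lookup`, and the 60-second validity window are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

SECRET = os.urandom(32)      # per-server key (assumption: rotated out of band)
COOKIE_LEN = 16              # truncated HMAC-SHA256 tag
BUCKET_SECONDS = 60          # cookie validity granularity (assumption)


def make_cookie(src_ip, now=None, secret=SECRET):
    """Stateless token binding a client address to a time bucket."""
    bucket = int((time.time() if now is None else now) // BUCKET_SECONDS)
    msg = f"{src_ip}|{bucket}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:COOKIE_LEN]


def cookie_ok(src_ip, cookie, now=None, secret=SECRET):
    """Accept the current or previous bucket so cookies survive a rollover."""
    now = time.time() if now is None else now
    return any(
        hmac.compare_digest(cookie, make_cookie(src_ip, now - age, secret))
        for age in (0, BUCKET_SECONDS)
    )


def handle_datagram(src_ip, payload, lookup, now=None):
    """Return the bytes to send back to src_ip for one request datagram.

    Hypothetical wire format: 16-byte cookie field followed by the query.
    Without a valid cookie the reply is b"C" + cookie (17 bytes), and it is
    only sent when the request was at least that long, so a request with a
    spoofed source never triggers a reply larger than itself.
    """
    cookie, query = payload[:COOKIE_LEN], payload[COOKIE_LEN:]
    if len(cookie) == COOKIE_LEN and cookie_ok(src_ip, cookie, now):
        # The sender has shown it receives traffic at src_ip: full answer.
        return b"R" + lookup(query)
    challenge = b"C" + make_cookie(src_ip, now)
    return challenge if len(payload) >= len(challenge) else b""
```

The cost is one extra round trip for a client's first query; the responder keeps no per-client state.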