[Crisp] IRIS-LWZ and security issues due to spoofed sources
William Leibzon <william@completewhois.com> Mon, 27 February 2006 11:30 UTC
Date: Mon, 27 Feb 2006 05:18:41 -0800
From: William Leibzon <william@completewhois.com>
To: CRISP WG <crisp@ietf.org>
Message-ID: <Pine.LNX.4.64.0602270503580.9385@cwhois1.completewhois.com>
There have been a lot of discussions going on in the last few days at NANOG and other DNS operations lists that are related to the issue of public recursive DNS servers being used as a way to amplify an attack:

http://www.gossamer-threads.com/lists/nanog/users/89657
http://lists.oarci.net/pipermail/dns-operations/2006-February/thread.html

The general description of the problem is that bad guys are sending spoofed UDP packets to servers in a way so that the servers would send data (to the spoofed source) that is considerably larger than the original request - thus the amplification. For more information, you may want to read
http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf

Now it occurs to me that the same problem may also happen with those using the IRIS-LWZ UDP method, as an IRIS response is very likely to be larger than the original request and thus there is a possibility of amplification.

So before it's too late and the IRIS-LWZ draft is published as an RFC, I think we need to have this possibility documented in the Security Considerations section (which is rather small right now...) and try to come up with some suggestions on how to deal with the problem when people want to run a public IRIS server.

---
William Leibzon
mailto: william@completewhois.com
Anti-Spam and Email Security Research Worksite: http://www.elan.net/~william/emailsecurity/
Whois & DNS Network Investigation Tools: http://www.completewhois.com
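The amplification concern raised in this message, as an added example that is not part of the original post or of the IRIS-LWZ draft: a per-source byte budget that keeps a UDP responder from sending more than a fixed multiple of what a (possibly spoofed) source address has sent it. The 3x limit, the 10-second window, the class and function names, and the packet sizes are assumptions constructed for illustration.

```python
import time
from collections import defaultdict


class AmplificationGuard:
    """Per-source byte accounting for a UDP responder that cannot verify
    source addresses (hypothetical policy, not taken from any IRIS draft)."""

    def __init__(self, max_factor=3.0, window=10.0):
        self.max_factor = max_factor  # allowed bytes out per byte in
        self.window = window          # seconds before counters reset
        # src_ip -> [window_start, bytes_in, bytes_out]; a real server
        # would also need to evict idle entries to bound memory.
        self._state = defaultdict(lambda: [0.0, 0, 0])

    def allow(self, src_ip, request_len, response_len, now=None):
        """Return True if sending response_len bytes keeps this source
        within max_factor times the bytes it has sent in the window."""
        now = time.monotonic() if now is None else now
        st = self._state[src_ip]
        if now - st[0] >= self.window:
            st[0], st[1], st[2] = now, 0, 0
        st[1] += request_len
        if st[2] + response_len > self.max_factor * st[1]:
            return False  # drop, or answer with something no larger than the request
        st[2] += response_len
        return True


def replay(guard, packets):
    """Replay (time, src_ip, request_len, response_len) tuples and return
    (bytes_in, bytes_out). guard=None models an unprotected server."""
    bytes_in = bytes_out = 0
    for t, src, req_len, resp_len in packets:
        bytes_in += req_len
        if guard is None or guard.allow(src, req_len, resp_len, now=t):
            bytes_out += resp_len
    return bytes_in, bytes_out


# Constructed sample: 20 small requests whose claimed source is the victim
# (192.0.2.10 is a documentation address), each eliciting a 1500-byte answer.
SPOOFED = [(i * 0.1, "192.0.2.10", 60, 1500) for i in range(20)]

if __name__ == "__main__":
    for label, guard in (("unprotected", None), ("guarded", AmplificationGuard())):
        b_in, b_out = replay(guard, SPOOFED)
        print(f"{label}: in={b_in} out={b_out} factor={b_out / b_in:.1f}")
```

A client whose responses are only modestly larger than its requests stays inside the budget; a source that keeps asking for large answers is held to the configured factor regardless of whether its address is genuine.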