Re: [Gen-art] Gen-ART and OPS-Dir review of draft-wkumari-dhc-capport-13

Sam Hartman <hartmans-ietf@mit.edu> Mon, 13 July 2015 15:44 UTC

From: Sam Hartman <hartmans-ietf@mit.edu>
To: Warren Kumari <warren@kumari.net>
References: <CE03DB3D7B45C245BCA0D2432779493613FF7529@MX104CL02.corp.emc.com> <55A13B30.4070208@bogus.com> <DM2PR0301MB065593620A6E227EB2D5421CA89E0@DM2PR0301MB0655.namprd03.prod.outlook.com> <CAHw9_iLS1BGmUfeUP7fX58QAZ4QmM72ZcTV6hZZwper40bG+=Q@mail.gmail.com>
Date: Mon, 13 Jul 2015 11:44:42 -0400
In-Reply-To: <CAHw9_iLS1BGmUfeUP7fX58QAZ4QmM72ZcTV6hZZwper40bG+=Q@mail.gmail.com> (Warren Kumari's message of "Sat, 11 Jul 2015 16:13:28 -0400")
Message-ID: <tsl380sf4et.fsf@mit.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/BaAbN5j-QhhC807wjYitqplVvOI>
Cc: "ops-dir@ietf.org" <ops-dir@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "olafur@cloudflare.com" <olafur@cloudflare.com>, "General Area Review Team (gen-art@ietf.org)" <gen-art@ietf.org>, "ebersman-ietf@dragon.net" <ebersman-ietf@dragon.net>, "dhcwg@ietf.org" <dhcwg@ietf.org>, "steve.sheng@icann.org" <steve.sheng@icann.org>, Christian Huitema <huitema@microsoft.com>
Subject: Re: [Gen-art] Gen-ART and OPS-Dir review of draft-wkumari-dhc-capport-13

>>>>> "Warren" == Warren Kumari <warren@kumari.net> writes:

    Warren>    On Saturday, July 11, 2015, Christian Huitema
    Warren>    <huitema@microsoft.com> wrote:

    Warren>      On Saturday, July 11, 2015 8:50 AM, joel jaeggli wrote
    >> ...  [5] Section 5:
    >>
    >> Fake DHCP servers / fake RAs are currently a security concern -
    >> this doesn't make them any better or worse.
    >>
    >> Please cite a reference for this, preferably with operational
    >> recommendations on limiting these problems (e.g., ensure that
    >> DHCP and RA traffic cannot be injected from outside/beyond the
    >> network that is relevant to the portal).

> There is definitely an attack vector there. Suppose an attacker can
> monitor the traffic, say on an unencrypted Wi-Fi hot spot. The attacker
> can see a DHCP request or INFORM, and race in a fake response with a
> URL of their own choosing. The mark's computer automatically connects
> there, and downloads some zero-day attack.  Bingo!

    Warren>    An attacker with this level of access can already do
    Warren> this. They fake a DHCP response with themselves as the
    Warren> gateway and insert a 302 into any http connection. Or, more
    Warren> likely they simply inject malicious code into some
    Warren> connection.


I'm with Christian.  The attack he describes--injecting a URI--is less
likely in my mind to be noticed than setting up a gateway.  So, I do
consider this a new vector.
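As an added example (not code from this thread or from the capport draft), here is a small Python check of the kind Joel's review asks for on the operational side: it parses the options field of captured DHCPv4 replies and flags any reply whose Server Identifier is not an approved server, or whose captive-portal URL differs from the one the operator provisioned, which is exactly the raced-in fake response Christian describes. The option code 160 is the value later assigned for the DHCPv4 captive-portal URI when the draft became RFC 7710; this draft version does not name a code, so treat it as a configurable assumption, and the two sample replies are constructed.

```python
from dataclasses import dataclass
from typing import Optional

OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 53, 54, 255   # RFC 2132 option codes
CAPPORT_OPTION = 160  # assumed: captive-portal URI option code (configurable)

@dataclass
class Finding:
    reason: str
    server: str
    url: Optional[str]

def parse_options(data: bytes) -> dict:
    """Walk the DHCPv4 option TLVs; skip PAD (0), stop at END (255)."""
    opts, i = {}, 0
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:          # PAD has no length byte
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts

def check_reply(options: bytes, approved: set, expected_url: str) -> Optional[Finding]:
    """Flag a reply from a server outside `approved` or carrying a foreign portal URL."""
    opts = parse_options(options)
    sid = opts.get(OPT_SERVER_ID, b"")
    server = ".".join(map(str, sid)) if len(sid) == 4 else "missing"
    raw = opts.get(CAPPORT_OPTION)
    url = raw.decode("ascii", "replace") if raw is not None else None
    if server not in approved:
        return Finding("reply from unapproved DHCP server", server, url)
    if url is not None and url != expected_url:
        return Finding("portal URL differs from provisioned value", server, url)
    return None

def _opt(code: int, value: bytes) -> bytes:
    return bytes([code, len(value)]) + value

# Constructed samples: the options field of two DHCPACKs (message type 5).
LEGIT = (_opt(OPT_MSG_TYPE, b"\x05") + _opt(OPT_SERVER_ID, bytes([192, 0, 2, 1]))
         + _opt(CAPPORT_OPTION, b"https://portal.example/") + bytes([OPT_END]))
ROGUE = (_opt(OPT_MSG_TYPE, b"\x05") + _opt(OPT_SERVER_ID, bytes([192, 0, 2, 99]))
         + _opt(CAPPORT_OPTION, b"http://not-the-portal.example/") + bytes([OPT_END]))
```

Feed `check_reply` the options field of each DHCPOFFER/DHCPACK seen on the segment; a non-None result is a candidate rogue server or tampered portal URL to alert on.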