Re: [Gen-art] Gen-ART and OPS-Dir review of draft-wkumari-dhc-capport-13

Warren Kumari <warren@kumari.net> Sat, 11 July 2015 20:13 UTC

To: Christian Huitema <huitema@microsoft.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/ZVEVG24NfWhcU-Z96tuKqkr_SjU>
Cc: "ops-dir@ietf.org" <ops-dir@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "ebersman-ietf@dragon.net" <ebersman-ietf@dragon.net>, joel jaeggli <joelja@bogus.com>, "General Area Review Team (gen-art@ietf.org)" <gen-art@ietf.org>, "steve.sheng@icann.org" <steve.sheng@icann.org>, "dhcwg@ietf.org" <dhcwg@ietf.org>, "olafur@cloudflare.com" <olafur@cloudflare.com>

On Saturday, July 11, 2015, Christian Huitema <huitema@microsoft.com> wrote:

>
> On Saturday, July 11, 2015 8:50 AM, joel jaeggli wrote
>
> > ...
> > [5] Section 5:
> >
> >    Fake
> >    DHCP servers / fake RAs are currently a security concern - this
> >    doesn't make them any better or worse.
> >
> > Please cite a reference for this, preferably with operational
> > recommendations on limiting these problems (e.g., ensure that DHCP and
> > RA traffic cannot be injected from outside/beyond the network that is
> > relevant to the portal).
>
> There is definitely an attack vector there. Suppose an attacker can
> monitor the traffic, say on an unencrypted Wi-Fi hot spot. The attacker can
> see a DHCP request or INFORM, and race in a fake response with a URL of
> their own choosing. The mark's computer automatically connects there, and
> downloads some zero-day attack. Bingo!
>
>
An attacker with this level of access can already do this. They fake a DHCP
response with themselves as the gateway and insert a 302 into any HTTP
connection. Or, more likely, they simply inject malicious code into some
connection.

Connecting to unknown/unencrypted networks is inherently dangerous...

W



>  -- Christian Huitema

-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf
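
The raced DHCP reply discussed in this thread, seen from the monitoring side, as an added example that is not part of the original message or of the draft: it parses DHCP replies and flags a transaction when a server outside an allow-list answered or when replies disagree on the router or captive-portal URI. The option code 114 (from RFC 8910), the function names, the allow-list and the sample packets are assumptions constructed for this example.

```python
import ipaddress
import struct
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie, follows the 236-byte BOOTP header
OPT_ROUTER, OPT_MSG_TYPE, OPT_SERVER_ID = 3, 53, 54
OPT_CAPPORT = 114  # assumption: captive-portal code point from RFC 8910, not given on this page

def parse_reply(pkt):
    """Return (xid, {option: value}) for a BOOTREPLY, or None if it is not one."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:
        return None
    xid, opts, i = struct.unpack("!I", pkt[4:8])[0], {}, 240
    while i + 1 < len(pkt) and pkt[i] != 255:   # 255 = end option
        if pkt[i] == 0:                         # 0 = pad, a single byte with no length
            i += 1
            continue
        length = pkt[i + 1]
        opts[pkt[i]] = pkt[i + 2:i + 2 + length]  # a truncated value yields a short slice
        i += 2 + length
    return xid, opts

def find_suspect_replies(packets, trusted_servers):
    """One alert per xid where an unlisted server answered or the answers disagree."""
    trusted = {ipaddress.ip_address(s).packed for s in trusted_servers}
    answers = defaultdict(set)
    for xid, o in filter(None, map(parse_reply, packets)):
        answers[xid].add((o.get(OPT_SERVER_ID, b""), o.get(OPT_ROUTER, b""),
                          o.get(OPT_CAPPORT, b"")))
    alerts = []
    for xid, seen in sorted(answers.items()):
        unlisted = sorted(s for s, _, _ in seen if s not in trusted)
        conflict = len({(r, p) for _, r, p in seen}) > 1   # differing router or portal URI
        if unlisted or conflict:
            alerts.append({"xid": xid, "conflict": conflict,
                           "unlisted": [".".join(map(str, s)) for s in unlisted]})
    return alerts

def sample_reply(xid, server, router, portal):  # constructed DHCPACK, not captured traffic
    ip = lambda a: ipaddress.ip_address(a).packed
    opts = (bytes([OPT_MSG_TYPE, 1, 5, OPT_SERVER_ID, 4]) + ip(server) + bytes([OPT_ROUTER, 4])
            + ip(router) + bytes([OPT_CAPPORT, len(portal)]) + portal.encode() + b"\xff")
    return struct.pack("!BBBBI", 2, 1, 6, 0, xid) + bytes(228) + MAGIC + opts

def demo():
    pkts = [sample_reply(0x1234, "192.0.2.1", "192.0.2.1", "https://portal.example/"),
            sample_reply(0x1234, "192.0.2.66", "192.0.2.66", "https://other.example/"),
            sample_reply(0x9999, "192.0.2.1", "192.0.2.1", "https://portal.example/")]
    return find_suspect_replies(pkts, ["192.0.2.1"])
```

Two allow-listed servers answering the same transaction with the same router and portal URI raise no alert, so redundant DHCP deployments stay quiet.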