I-D Action: draft-bhargav-l3vpn-inter-provider-optcsec-01.txt
internet-drafts@ietf.org Wed, 29 February 2012 14:07 UTC
Return-Path: <internet-drafts@ietf.org>
X-Original-To: i-d-announce@ietfa.amsl.com
Delivered-To: i-d-announce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C2E6E21F86F3 for <i-d-announce@ietfa.amsl.com>; Wed, 29 Feb 2012 06:07:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.546
X-Spam-Level:
X-Spam-Status: No, score=-102.546 tagged_above=-999 required=5 tests=[AWL=0.053, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M61Z0qgkY1Km for <i-d-announce@ietfa.amsl.com>; Wed, 29 Feb 2012 06:07:07 -0800 (PST)
Received: from ietfa.amsl.com (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E85C121F86BE for <i-d-announce@ietf.org>; Wed, 29 Feb 2012 06:07:06 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: internet-drafts@ietf.org
To: i-d-announce@ietf.org
Subject: I-D Action: draft-bhargav-l3vpn-inter-provider-optcsec-01.txt
X-Test-IDTracker: no
X-IETF-IDTracker: 4.00
Message-ID: <20120229140704.20429.94222.idtracker@ietfa.amsl.com>
Date: Wed, 29 Feb 2012 06:07:04 -0800
X-BeenThere: i-d-announce@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: internet-drafts@ietf.org
List-Id: Internet Draft Announcements only <i-d-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/i-d-announce>
List-Post: <mailto:i-d-announce@ietf.org>
List-Help: <mailto:i-d-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/i-d-announce>, <mailto:i-d-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Feb 2012 14:07:08 -0000
A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Preventing spoofing attacks in BGP-MPLS-VPN Inter-Provider Model-C Author(s) : Bhargav Bhikkaji Balaji Venkat Venkataswami Filename : draft-bhargav-l3vpn-inter-provider-optcsec-01.txt Pages : 15 Date : 2012-02-29 In certain models of inter-provider Multi-Protocol-Label-Switching based Virtual Private Networks (MPLS-VPNs), spoofing attacks against VPN sites is a key concern. Unidirectional attacks towards VPN sites can compromise servers at the VPN sites and cause Denial-of-Service (DoS) situations. Currently, the inner labels associated with VPN sites are not encrypted during transmission. The Provider Edge (PE) router at the end to which the VPN customer is attached accepts any data packet with a valid label. This enables a man-in-the-middle attacker to spoof a packet to a specific site of a VPN. In this paper, we propose some secure techniques which provide security against such label-spoofing. These techniques ensure that an attacker would not be able to spoof labeled data packets. In order to make the proposed scheme robust, some additional steps are proposed over and above the initial steps specified. This makes the attacker to spend non-linear time to guess the right label for his unidirectional attacks to succeed. Our proposed technique can be applied to a specific type of inter-provider Border Gateway Protocol(BGP) based MPLS VPN and other existing variant where Multi-Protocol exterior- BGP (MP-eBGP) multi-hop is used. In future, if any other variant is proposed to use MP-eBGP multi-hop, our scheme can be used to protect against spoofing attacks. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-bhargav-l3vpn-inter-provider-optcsec-01.txt Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ This Internet-Draft can be retrieved at: ftp://ftp.ietf.org/internet-drafts/draft-bhargav-l3vpn-inter-provider-optcsec-01.txt
- I-D Action: draft-bhargav-l3vpn-inter-provider-op… internet-drafts