Re: [IPsec] IKE fragmentation

Paul Wouters <paul@nohats.ca> Wed, 13 March 2013 14:40 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6139621F8C72 for <ipsec@ietfa.amsl.com>; Wed, 13 Mar 2013 07:40:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.301
X-Spam-Level:
X-Spam-Status: No, score=-2.301 tagged_above=-999 required=5 tests=[AWL=0.298, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nsTBXO59KwDK for <ipsec@ietfa.amsl.com>; Wed, 13 Mar 2013 07:40:31 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) by ietfa.amsl.com (Postfix) with ESMTP id C395621F8A41 for <ipsec@ietf.org>; Wed, 13 Mar 2013 07:40:31 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3ZQwhF5j0lz1c4; Wed, 13 Mar 2013 10:40:29 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id fk6SSK2EpF4U; Wed, 13 Mar 2013 10:40:28 -0400 (EDT)
Received: from bofh.nohats.ca (206-248-139-105.dsl.teksavvy.com [206.248.139.105]) by mx.nohats.ca (Postfix) with ESMTP; Wed, 13 Mar 2013 10:40:28 -0400 (EDT)
Received: by bofh.nohats.ca (Postfix, from userid 500) id ADAA080860; Wed, 13 Mar 2013 10:40:28 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 9E1F6804F3; Wed, 13 Mar 2013 10:40:28 -0400 (EDT)
Date: Wed, 13 Mar 2013 10:40:28 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: Valery Smyslov <svanru@gmail.com>
In-Reply-To: <4C4F5DE0838E4DCFBAE31A02D7ED5D33@buildpc>
Message-ID: <alpine.LFD.2.03.1303131036300.27437@nohats.ca>
References: <20799.34490.611737.922474@fireball.kivinen.iki.fi> <294A12724CB849D2A33F7F80CC82426A@buildpc> <alpine.LFD.2.03.1303130941040.27437@nohats.ca> <4C4F5DE0838E4DCFBAE31A02D7ED5D33@buildpc>
User-Agent: Alpine 2.03 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: ipsec@ietf.org, Tero Kivinen <kivinen@iki.fi>
Subject: Re: [IPsec] IKE fragmentation
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Mar 2013 14:40:32 -0000

On Wed, 13 Mar 2013, Valery Smyslov wrote:

>> How is that a DOS attack? In our implementation of the IKEv1
>> fragmentation, we limit the number of fragments to 16. We will
>> only need to do any crypto when we received the IKE packet
>> marked as "last". Then we do crypto once on the assembled packet
>> and throw it away when crypto fails.
>
> If attacker sends you a forged fragment, you cannot determine this
> untill you get reassembled the whole message. When you determine
> this you have to discard all received fragments (as you don't know
> which of them is bogus) and wait for retransmission. For attacker
> it is enough to send you forged fragments with rather low rate
> to have a good chance to prevent you from communication with your peer.
>
> I think this is kind of DoS attack as Initiator is denied to get desired 
> service (IPsec).

But then the attacker has to know the SPI/COOKIES too? So it is an
in-path attack. But I see you point.

> I think that responder should start replying with fragments
> immediately after it receives first fragmented message from initiator,
> but not before this event. It is initiator who is responsible
> for retransmissions and it is his/her responsibility to
> switch on fragmentation.

Yes, this case is different for IKEv2.

>> Our implementation also does not handle the first packet of an
>> exchange to be fragmented, because we have no state to store the
>> fragments for. In practise this does not matter because the first
>> packet is never large enough to need fragmentation.
>
> We do the same.

So does it make sense to say in the document that the first packet
must not be fragmented?

Paul