IETF Logo Mail Archive

Re: [IPsec] I-D Action: draft-ietf-ipsecme-ddos-protection-05.txt

Paul Wouters <paul@nohats.ca> Mon, 28 March 2016 15:26 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E5D212DA8F for <ipsec@ietfa.amsl.com>; Mon, 28 Mar 2016 08:26:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.11
X-Spam-Level:
X-Spam-Status: No, score=-1.11 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_ALL=0.8, T_RP_MATCHES_RCVD=-0.01] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oYrUjaY7Jln9 for <ipsec@ietfa.amsl.com>; Mon, 28 Mar 2016 08:26:40 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5578512DA86 for <ipsec@ietf.org>; Mon, 28 Mar 2016 08:26:39 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3qYd6j5SlYzCZC; Mon, 28 Mar 2016 17:26:37 +0200 (CEST)
X-OPENPGPKEY: Message passed unmodified
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id mHmPKXjt89cA; Mon, 28 Mar 2016 17:26:36 +0200 (CEST)
Received: from bofh.nohats.ca (206-248-139-105.dsl.teksavvy.com [206.248.139.105]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Mon, 28 Mar 2016 17:26:36 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 1E47B60007EA; Mon, 28 Mar 2016 11:26:36 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.10.3 bofh.nohats.ca 1E47B60007EA
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 1A10818D6F; Mon, 28 Mar 2016 11:26:36 -0400 (EDT)
Date: Mon, 28 Mar 2016 11:26:36 -0400
From: Paul Wouters <paul@nohats.ca>
To: Valery Smyslov <svanru@gmail.com>
In-Reply-To: <8D8EBD80E21449B0838FA6562F195411@buildpc>
Message-ID: <alpine.LFD.2.20.1603281122340.2626@bofh.nohats.ca>
References: <20160321201328.12185.28466.idtracker@ietfa.amsl.com> <alpine.LFD.2.20.1603212023560.16028@bofh.nohats.ca> <3A97CB619AEA41FE9EE901AF4FAF45CA@buildpc> <alpine.LFD.2.20.1603271303400.15492@bofh.nohats.ca> <22A743E8E50E402EBD698E354719C11C@buildpc> <alpine.LFD.2.20.1603281044420.1552@bofh.nohats.ca> <8D8EBD80E21449B0838FA6562F195411@buildpc>
User-Agent: Alpine 2.20 (LFD 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipsec/g8vYsXf4rw3EeEMdRqhzrlqgVts>
Cc: ipsec@ietf.org
Subject: Re: [IPsec] I-D Action: draft-ietf-ipsecme-ddos-protection-05.txt
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2016 15:26:41 -0000

On Mon, 28 Mar 2016, Valery Smyslov wrote:

>>  If we assume cookies take care of spoofed IPs, then an attacker trying
>>  to waste the responders resources would exchange an IKE_INIT round,
>>  and then just send a bunch of IKE_AUTH packets (with proper SPIs) that
>>  all will fail to decrypt. The responder has to try all of them because
>>  it could be a legitimate client. So I'm not sure if you actually buy
>>  anything by postponing the SKEYSEED and SK_* calculation?
>
> Postponing SKEYSEED and SK_* calculation saves your resources
> if IKE_AUTH request never come.

But if the attacker wants to exhaust your cpu, they _will_ come back
with a /dev/random filled IKE_AUTH request.

> It can be if there are some network
> problems (for example, the IKE_AUTH message is too long, get fragmented
> by IP and dropped by NAT, and the initiator doesn't support IKE 
> fragmentation)
> or if the initiator never mind to send IKE_AUTH (i.e. it is an attack on 
> half-open SAs, that could be even with cookies - in case of botnets).

That's not really a ddos protection. It's more of a common sense thing.

> Mostly yes. However in some cases it is not so stupid. If you do all crypto 
> in hardware
> and this hardware may handle limited number of key handles, then
> you'd probably discard the keys in this case not to exhaust crypto HW memory.
> In this case you'll recalculate them once new IKE_AUTH arrives.
> This a tradeoff and the draft recommends (with SHOULD) to keep the keys.

Ok, I guess I feel it is a bit of a stretch away from "ddos defense" and
more of a "core implementation sanity", but I guess that line is a
little subjective, and I guess a paragraph extra won't hurt the
document.

Paul

v2.23.0 | Report a Bug | By Email