Re: [IPsec] IKE fragmentation

Paul Wouters <paul@cypherpunks.ca> Thu, 14 March 2013 14:52 UTC

Return-Path: <paul@cypherpunks.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7949411E819E for <ipsec@ietfa.amsl.com>; Thu, 14 Mar 2013 07:52:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OU9j6Nlakb4b for <ipsec@ietfa.amsl.com>; Thu, 14 Mar 2013 07:52:03 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) by ietfa.amsl.com (Postfix) with ESMTP id A92CA11E8158 for <ipsec@ietf.org>; Thu, 14 Mar 2013 07:52:02 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3ZRXv433Whz3sq; Thu, 14 Mar 2013 10:52:00 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id 1aQQfWFfzbWr; Thu, 14 Mar 2013 10:51:59 -0400 (EDT)
Received: from bofh.nohats.ca (206-248-139-105.dsl.teksavvy.com [206.248.139.105]) by mx.nohats.ca (Postfix) with ESMTP; Thu, 14 Mar 2013 10:51:58 -0400 (EDT)
Received: by bofh.nohats.ca (Postfix, from userid 500) id 935F080860; Thu, 14 Mar 2013 10:51:58 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 882D48085F; Thu, 14 Mar 2013 10:51:58 -0400 (EDT)
Date: Thu, 14 Mar 2013 10:51:58 -0400
From: Paul Wouters <paul@cypherpunks.ca>
X-X-Sender: paul@bofh.nohats.ca
To: Tero Kivinen <kivinen@iki.fi>
In-Reply-To: <20801.57047.617753.249763@fireball.kivinen.iki.fi>
Message-ID: <alpine.LFD.2.03.1303141039430.17863@nohats.ca>
References: <20799.34490.611737.922474@fireball.kivinen.iki.fi> <294A12724CB849D2A33F7F80CC82426A@buildpc> <51408287.7080207@gmail.com> <3028CF35E60A40068CE70EB7BB0BDEF1@buildpc> <A5B456F7-DE58-4755-95B0-97D5D15D066C@checkpoint.com> <FCC464E01434424EB7EB4365E86F9130@buildpc> <FCFD00C2-2A6F-4D13-A98C-37BE16DD8A35@checkpoint.com> <20801.57047.617753.249763@fireball.kivinen.iki.fi>
User-Agent: Alpine 2.03 (LFD 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
Cc: "<ipsec@ietf.org>" <ipsec@ietf.org>, Valery Smyslov <svanru@gmail.com>, Yoav Nir <ynir@checkpoint.com>
Subject: Re: [IPsec] IKE fragmentation
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Mar 2013 14:52:03 -0000

On Thu, 14 Mar 2013, Tero Kivinen wrote:

> As earlier explained not doing that allows very wasy DoS attack, which
> allows IKEv2 to finish by just sending very few packets, i.e. you send
> one corrupted fragment to the packet and if you do that before
> responder gets the correct fragment, the responder stores it for
> reassembly and after it reassembles the packet it will only then
> notice that the packet is corrupted, and then it needs to throw the
> whole packet away. It cannot know which of the fragment is corrupted.
> This means the initiator needs to retransmit whole packet, i.e. all
> fragments of it, and attacker can do this again.

Note that requires an observer that can see your cookies/spi. Which would
mean a local attacker, whom could just as easilly send you nonsense
forged from the remote endpoint - as they are guaranteed to answer
faster. You'd be decrypting thousands of packets to find the needle in
the haystack. I wonder what the chances then are that you don't end up
dropping teh valid fragment.

If the attacker is not local, they need to be in your path to know the
spi/cookies, and they can just filter out the valid fragments.

But I see your point, it does raise the bar a little bit. Although I'm
not convinced it's worth it.

Paul