Re: [Isis-wg] draft-decraene-isis-lsp-lifetime-problem-statement-00.txt

Tony Przygienda <tonysietf@gmail.com> Mon, 20 July 2015 16:20 UTC

From: Tony Przygienda <tonysietf@gmail.com>
To: "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/isis-wg/J06kYxlRFAdT8nBHOwoRgPOF5oo>
Cc: "bruno.decraene@orange.com" <bruno.decraene@orange.com>, "isis-wg@ietf.org list" <isis-wg@ietf.org>

Unfortunately yes.

Albeit small, this is a completely open attack vector that can melt a big
network down just nicely.

One can only appeal otherwise to 'security by obscurity', claiming that an
adjacency is necessary first and those are keyed. However, nothing
prevents an attacker from replaying the flooding it snoops, masquerading as
any of the peers while squishing the lifetimes. Or a freakish corruption
may cause the effect (this however would have been noticed long ago IMO
[just like purging on corrupt LSPs was], so I doubt that's a valid argument
within the realm of likely occurrences).

So, I would say this problem is in fact a valid problem worth tackling
albeit few people in the world have it ;-) However, those people run some
stuff I wouldn't like to see going down since I cherish a working Internet
;-)

--- tony

On Mon, Jul 20, 2015 at 9:03 AM, Les Ginsberg (ginsberg) <ginsberg@cisco.com> wrote:

> To add to what Bruno has said:
>
> In https://tools.ietf.org/id/draft-ietf-karp-isis-analysis-07.txt Section
> 2.3.2 there is the following paragraph:
>
>     A rogue system having access to the common key used to protect
>     the LSP, can send an LSP, setting the Remaining Lifetime field to
>     zero, and flooding it thereby initiating a purge.  Subsequently,
>     this also can cause the sequence number of all the LSPs to
>     increase quickly to max out the sequence number space, which can
>     cause an IS to shut down for MaxAge + ZeroAgeLifetime period to
>     allow the old LSPs to age out in other ISes of the same flooding
>     domain.
>
> But this is NOT the issue discussed in Bruno's draft. In particular, the
> problem Bruno discusses does not require the attacker to have the key, and
> the attacker does NOT set RemainingLifetime to 0; it sets it to a small
> non-zero value.
>
> These distinctions are important because in Bruno's scenario it is not
> necessary for the attacker to have the authentication key - yet they can
> still cause LSPs to be purged prematurely.
>
>     Les
>
> > -----Original Message-----
> > From: Isis-wg [mailto:isis-wg-bounces@ietf.org] On Behalf Of
> > bruno.decraene@orange.com
> > Sent: Monday, July 20, 2015 7:57 AM
> > To: isis-wg@ietf.org list
> > Subject: Re: [Isis-wg] draft-decraene-isis-lsp-lifetime-problem-statement-00.txt
> >
> > Follow up on a comment expressed during the presentation:
> > draft-ietf-karp-isis-analysis does _not_ talk about this problem statement.
> >
> > > -----Original Message-----
> > > From: Isis-wg [mailto:isis-wg-bounces@ietf.org] On Behalf Of
> > > bruno.decraene@orange.com
> > > Sent: Monday, July 06, 2015 9:38 PM
> > > To: isis-wg@ietf.org list
> > > Cc: SCHMITZ Christof IMT/OLN
> > > Subject: [Isis-wg] draft-decraene-isis-lsp-lifetime-problem-statement-00.txt
> > >
> > > Hi all,
> > >
> > > Please find below a draft describing the problem statement with
> > > regards to the possible corruption of the LSP lifetime.
> > > https://tools.ietf.org/html/draft-decraene-isis-lsp-lifetime-problem-statement-00
> > >
> > > Comments welcomed.
> > >
> > > Thanks,
> > > Regards,
> > > Bruno, Christof
> > >
> > > -----Original Message-----
> > > From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> > > Sent: Monday, July 06, 2015 9:29 PM
> > >
> > >
> > >
> > > A new version of I-D, draft-decraene-isis-lsp-lifetime-problem-statement-00.txt
> > > has been successfully submitted by Bruno Decraene and posted to the
> > > IETF repository.
> > >
> > > Name:          draft-decraene-isis-lsp-lifetime-problem-statement
> > > Revision:      00
> > > Title:         IS-IS LSP lifetime corruption - Problem Statement
> > > Document date: 2015-07-06
> > > Group:         Individual Submission
> > > Pages:         6
> > > URL:           https://www.ietf.org/internet-drafts/draft-decraene-isis-lsp-lifetime-problem-statement-00.txt
> > > Status:        https://datatracker.ietf.org/doc/draft-decraene-isis-lsp-lifetime-problem-statement/
> > > Htmlized:      https://tools.ietf.org/html/draft-decraene-isis-lsp-lifetime-problem-statement-00
> > >
> > >
> > > Abstract:
> > >    The IS-IS protocol exchanges Link State Packet (LSP) to exchange
> > >    routing information.  The lifetime of this LSP is located in the LSP
> > >    header and is neither protected from corruption by the Fletcher
> > >    checksum nor by cryptographic authentication.  So the LSP lifetime
> > >    may be altered, either accidentally or maliciously any time.
> > >
> > >    The lifetime field of the LSP is an important field for the correct
> > >    operation of IS-IS.  Corruption of this LSP lifetime may cause
> > >    flooding storm with severe impact in the network.
> > >
> > >    This draft documents the problem statement and calls for a solution.
> > >
> > > This message and its attachments may contain confidential or
> > > privileged information that may be protected by law; they should not
> > > be distributed, used or copied without authorisation.
> > > If you have received this email in error, please notify the sender and
> > > delete this message and its attachments.
> > > As emails may be altered, Orange is not liable for messages that have
> > > been modified, changed or falsified.
> > > Thank you.
> > >
> > > _______________________________________________
> > > Isis-wg mailing list
> > > Isis-wg@ietf.org
> > > https://www.ietf.org/mailman/listinfo/isis-wg
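The abstract and Les's reply above hinge on one protocol fact: in an IS-IS LSP the Remaining Lifetime sits in the header before the Source ID, and ISO 10589 computes the Fletcher checksum only from the Source ID to the end of the PDU, while RFC 5304 zeroes both Remaining Lifetime and Checksum before computing the HMAC-MD5. The following Python is an added example (not code from the draft, the thread, or any IS-IS implementation) that builds a small Level-2 LSP, runs the two receiver-side checks, and shows that a changed sequence number is caught while a changed lifetime is not. The system ID, area address, TLV contents and key are constructed sample values; the field offsets follow ISO 10589 and the zeroing rules follow RFC 5304.

```python
import hashlib
import hmac
import struct

# Octet offsets inside an IS-IS LSP PDU (ISO 10589): the 8-octet common
# header is followed by the 19-octet LSP-specific header, 27 octets in all.
LSP_HDR_LEN = 27
OFF_LIFETIME = 10   # Remaining Lifetime, 2 octets
OFF_LSP_ID = 12     # Source ID (6) + pseudonode (1) + fragment (1)
OFF_SEQNUM = 20     # Sequence Number, 4 octets
OFF_CHECKSUM = 24   # Fletcher checksum, 2 octets
TLV_AUTH = 10       # Authentication Information TLV
AUTH_HMAC_MD5 = 54  # RFC 5304 authentication type

# Constructed sample values (not from the draft or the thread).
DEMO_LSP_ID = bytes.fromhex("0000000000010000")  # system ID ...0001, pseudonode 0, fragment 0
DEMO_KEY = b"constructed-demo-key"


def fletcher_sums(data: bytes) -> tuple:
    """Running ISO 8473 / RFC 1008 Fletcher sums over `data`, modulo 255."""
    c0 = c1 = 0
    for b in data:
        c0 = (c0 + b) % 255
        c1 = (c1 + c0) % 255
    return c0, c1


def fletcher_checksum(data: bytes, csum_off: int) -> bytes:
    """Checksum octets to place at 0-based `csum_off` in `data`, whose two
    checksum octets must still be zero. Solves for x, y so that both running
    sums over the final data become 0 mod 255."""
    c0, c1 = fletcher_sums(data)
    n = csum_off + 1  # 1-based position of the first checksum octet
    x = ((len(data) - n) * c0 - c1) % 255
    y = (c1 - (len(data) - n + 1) * c0) % 255
    # A zero octet is sent as 255 (same residue mod 255) so the result is never
    # 0x0000, which ISO 10589 reserves for "checksum not computed".
    return bytes([x or 255, y or 255])


def find_auth_value_offset(pdu: bytes) -> int:
    """Walk the TLVs after the LSP header and return the offset of the
    16-octet HMAC-MD5 value inside the Authentication TLV."""
    off = LSP_HDR_LEN
    while off + 2 <= len(pdu):
        tlv_type, tlv_len = pdu[off], pdu[off + 1]
        if tlv_type == TLV_AUTH:
            return off + 3  # skip type, length and authentication-type octet
        off += 2 + tlv_len
    raise ValueError("no Authentication TLV in LSP")


def compute_hmac(pdu: bytes, key: bytes) -> bytes:
    """RFC 5304 HMAC-MD5 over the whole PDU. By specification the Remaining
    Lifetime, the Checksum and the Authentication Value are zeroed first,
    so the lifetime is outside the authenticated data."""
    p = bytearray(pdu)
    p[OFF_LIFETIME:OFF_LIFETIME + 2] = b"\x00\x00"
    p[OFF_CHECKSUM:OFF_CHECKSUM + 2] = b"\x00\x00"
    a = find_auth_value_offset(p)
    p[a:a + 16] = bytes(16)
    return hmac.new(key, bytes(p), hashlib.md5).digest()


def demo_tlvs() -> bytes:
    """Constructed TLV body: one area address, Protocols Supported (IPv4),
    and an Authentication TLV whose value is filled in by build_lsp."""
    area = bytes([1, 4, 3, 0x49, 0x00, 0x01])  # Area Addresses: 49.0001
    nlpid = bytes([129, 1, 0xCC])              # Protocols Supported: NLPID 0xCC (IPv4)
    auth = bytes([TLV_AUTH, 17, AUTH_HMAC_MD5]) + bytes(16)
    return area + nlpid + auth


def build_lsp(lifetime: int, seqnum: int, key: bytes) -> bytes:
    """Assemble a Level-2 LSP, authenticate it, then checksum it (RFC 5304 order)."""
    tlvs = demo_tlvs()
    common = bytes([0x83, LSP_HDR_LEN, 0x01, 0x00, 0x14, 0x01, 0x00, 0x00])  # PDU type 20 = L2 LSP
    lsp_hdr = (struct.pack("!HH", LSP_HDR_LEN + len(tlvs), lifetime)
               + DEMO_LSP_ID + struct.pack("!I", seqnum)
               + b"\x00\x00"   # checksum placeholder
               + b"\x03")      # P/ATT/OL clear, IS type = L1L2
    pdu = bytearray(common + lsp_hdr + tlvs)
    a = find_auth_value_offset(pdu)
    pdu[a:a + 16] = compute_hmac(pdu, key)
    covered = bytes(pdu[OFF_LSP_ID:])  # the checksum covers Source ID .. end only
    pdu[OFF_CHECKSUM:OFF_CHECKSUM + 2] = fletcher_checksum(covered, OFF_CHECKSUM - OFF_LSP_ID)
    return bytes(pdu)


def checksum_ok(pdu: bytes) -> bool:
    """Receiver check: both Fletcher sums over Source ID .. end are 0 mod 255."""
    return fletcher_sums(pdu[OFF_LSP_ID:]) == (0, 0)


def auth_ok(pdu: bytes, key: bytes) -> bool:
    """Receiver check: recompute the RFC 5304 digest and compare in constant time."""
    a = find_auth_value_offset(pdu)
    return hmac.compare_digest(bytes(pdu[a:a + 16]), compute_hmac(pdu, key))


def remaining_lifetime(pdu: bytes) -> int:
    return struct.unpack("!H", pdu[OFF_LIFETIME:OFF_LIFETIME + 2])[0]


def tamper_detected(pdu: bytes, key: bytes, offset: int, value: bytes) -> bool:
    """Overwrite `value` at `offset`, as in-transit corruption would, and report
    whether the receiver's checksum or HMAC verification notices."""
    altered = bytearray(pdu)
    altered[offset:offset + len(value)] = value
    return not (checksum_ok(altered) and auth_ok(altered, key))


if __name__ == "__main__":
    lsp = build_lsp(1200, 7, DEMO_KEY)
    print("checksum ok:", checksum_ok(lsp), "auth ok:", auth_ok(lsp, DEMO_KEY))
    print("seqnum change detected:", tamper_detected(lsp, DEMO_KEY, OFF_SEQNUM, b"\x00\x00\x00\x08"))
    print("lifetime change detected:", tamper_detected(lsp, DEMO_KEY, OFF_LIFETIME, b"\x00\x05"))
```

Run as a script, the last two lines print True and False respectively: a corrupted sequence number fails the Fletcher check, whereas a corrupted Remaining Lifetime passes both the checksum and the HMAC exactly as specified, which is why the draft's scenario needs neither the key nor a checksum collision and why only a protocol change can close it.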