Re: [Isis-wg] draft-decraene-isis-lsp-lifetime-problem-statement-00.txt

Uma Chunduri <uma.chunduri@ericsson.com> Mon, 20 July 2015 16:30 UTC

From: Uma Chunduri <uma.chunduri@ericsson.com>
To: Tony Przygienda <tonysietf@gmail.com>, "Les Ginsberg (ginsberg)" <ginsberg@cisco.com>
Date: Mon, 20 Jul 2015 16:29:56 +0000
Message-ID: <1B502206DFA0C544B7A60469152008635129C22F@eusaamb105.ericsson.se>
Archived-At: <http://mailarchive.ietf.org/arch/msg/isis-wg/pROJ2DSUdhtuYTiVqy-DDZveJKs>
Cc: "bruno.decraene@orange.com" <bruno.decraene@orange.com>, "isis-wg@ietf.org list" <isis-wg@ietf.org>
Subject: Re: [Isis-wg] draft-decraene-isis-lsp-lifetime-problem-statement-00.txt

Agree -

1. It's different from what's discussed in the KARP draft.

2. It's good to solve this issue in a backward compatible way, which can eventually be rolled out in all nodes of the network.

--
Uma C.

From: Isis-wg [mailto:isis-wg-bounces@ietf.org] On Behalf Of Tony Przygienda
Sent: Monday, July 20, 2015 9:21 AM
To: Les Ginsberg (ginsberg)
Cc: bruno.decraene@orange.com; isis-wg@ietf.org list
Subject: Re: [Isis-wg] draft-decraene-isis-lsp-lifetime-problem-statement-00.txt

Unfortunately yes.

Albeit small, this is a completely open attack vector that can melt a big network down just nicely.

One can only appeal otherwise to 'security by obscurity' claiming that an adjacency is necessary first and those are keyed. However, nothing prevents an attacker from replaying the flooding it snoops masquerading as any of the peers while squishing the lifetimes. Or a freakish corruption may cause the effect (this however would have been noticed long ago IMO [just like purging on corrupt LSPs was] so I doubt that's a valid argument within the realm of likely occurrences).

So, I would say this problem is in fact a valid problem worth tackling albeit few people in the world have it ;-) However, those people run some stuff I wouldn't like to see going down since I cherish a working Internet ;-)

--- tony

On Mon, Jul 20, 2015 at 9:03 AM, Les Ginsberg (ginsberg) <ginsberg@cisco.com> wrote:
To add to what Bruno has said:

In https://tools.ietf.org/id/draft-ietf-karp-isis-analysis-07.txt Section 2.3.2 there is the following paragraph:

    A rogue system having access to the common key used to protect
    the LSP, can send an LSP, setting the Remaining Lifetime field to
    zero, and flooding it thereby initiating a purge.  Subsequently,
    this also can cause the sequence number of all the LSPs to
    increase quickly to max out the sequence number space, which can
    cause an IS to shut down for MaxAge + ZeroAgeLifetime period to
    allow the old LSPs to age out in other ISes of the same flooding
    domain.

But this is NOT the issue discussed in Bruno's draft. In particular, the problem Bruno discusses does not require the attacker to have the key, and the attacker does NOT set RemainingLifetime to 0; it sets it to a small non-zero value.

These distinctions are important because in Bruno's scenario it is not necessary for the attacker to have the authentication key - yet they can still cause LSPs to be purged prematurely.

    Les

> -----Original Message-----
> From: Isis-wg [mailto:isis-wg-bounces@ietf.org] On Behalf Of
> bruno.decraene@orange.com
> Sent: Monday, July 20, 2015 7:57 AM
> To: isis-wg@ietf.org list
> Subject: Re: [Isis-wg] draft-decraene-isis-lsp-lifetime-problem-statement-00.txt
>
> Follow up on a comment expressed during the presentation:
>  draft-ietf-karp-isis-analysis do _not_  talk about this problem statement.
>
> > -----Original Message-----
> > From: Isis-wg [mailto:isis-wg-bounces@ietf.org] On Behalf Of
> > bruno.decraene@orange.com
> > Sent: Monday, July 06, 2015 9:38 PM
> > To: isis-wg@ietf.org list
> > Cc: SCHMITZ Christof IMT/OLN
> > Subject: [Isis-wg] draft-decraene-isis-lsp-lifetime-problem-statement-00.txt
> >
> > Hi all,
> >
> > Please find below a draft describing the problem statement with
> > regards to the possible corruption of the LSP lifetime.
> > https://tools.ietf.org/html/draft-decraene-isis-lsp-lifetime-problem-statement-00
> >
> > Comments welcomed.
> >
> > Thanks,
> > Regards,
> > Bruno, Christof
> >
> > -----Original Message-----
> > From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> > Sent: Monday, July 06, 2015 9:29 PM
> >
> >
> >
> > A new version of I-D, draft-decraene-isis-lsp-lifetime-problem-statement-00.txt
> > has been successfully submitted by Bruno Decraene and posted to the
> > IETF repository.
> >
> > Name:           draft-decraene-isis-lsp-lifetime-problem-statement
> > Revision:       00
> > Title:          IS-IS LSP lifetime corruption - Problem Statement
> > Document date:  2015-07-06
> > Group:          Individual Submission
> > Pages:          6
> > URL:            https://www.ietf.org/internet-drafts/draft-decraene-isis-lsp-lifetime-problem-statement-00.txt
> > Status:         https://datatracker.ietf.org/doc/draft-decraene-isis-lsp-lifetime-problem-statement/
> > Htmlized:       https://tools.ietf.org/html/draft-decraene-isis-lsp-lifetime-problem-statement-00
> >
> >
> > Abstract:
> >    The IS-IS protocol exchanges Link State Packet (LSP) to exchange
> >    routing information.  The lifetime of this LSP is located in the LSP
> >    header and is neither protected from corruption by the Fletcher
> >    checksum nor by cryptographic authentication.  So the LSP lifetime
> >    may be altered, either accidentally or maliciously any time.
> >
> >    The lifetime field of the LSP is an important field for the correct
> >    operation of IS-IS.  Corruption of this LSP lifetime may cause
> >    flooding storm with severe impact in the network.
> >
> >    This draft documents the problem statement and calls for a solution.
> >
> >
> > This message and its attachments may contain confidential or
> > privileged information that may be protected by law; they should not
> > be distributed, used or copied without authorisation.
> > If you have received this email in error, please notify the sender and
> > delete this message and its attachments.
> > As emails may be altered, Orange is not liable for messages that have
> > been modified, changed or falsified.
> > Thank you.
> >
> > _______________________________________________
> > Isis-wg mailing list
> > Isis-wg@ietf.org
> > https://www.ietf.org/mailman/listinfo/isis-wg

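The coverage point made in the thread and in the draft abstract, as an added worked example that is not code from the thread, the draft, or any IS-IS implementation: a constructed L2 LSP from system 0000.0000.0001 carries a Dynamic Hostname TLV and an RFC 5304 HMAC-MD5 Authentication TLV under a constructed key, and the two receiver-side checks are run against it. The Fletcher checksum runs from the LSP ID field to the end of the PDU, and RFC 5304 zeroes Remaining Lifetime and Checksum before computing the HMAC, so a rewritten lifetime passes both checks while a rewritten sequence number fails both.

```python
import hmac
import struct

LIFETIME_OFF, LSP_ID_OFF, SEQ_OFF, CKSUM_OFF = 10, 12, 20, 24  # LSP header offsets (ISO 10589, 6-octet System ID)
KEY = b"constructed-demo-key"  # constructed key standing in for the area's shared secret

def fletcher_sums(data: bytes) -> tuple[int, int]:
    """ISO 8473 Annex C running sums C0, C1 (mod 255) over data."""
    c0 = c1 = 0
    for b in data:
        c0 = (c0 + b) % 255
        c1 = (c1 + c0) % 255
    return c0, c1

def fletcher_check_bytes(data: bytes, off: int) -> bytes:
    """Check octets for data[off:off+2], computed with those two octets zeroed."""
    c0, c1 = fletcher_sums(data)
    n = len(data) - off  # octets from the check field to the end of the PDU
    x, y = (-c1 + (n - 1) * c0) % 255, (c1 - n * c0) % 255
    return bytes([x or 255, y or 255])  # a zero check octet is sent as 255

def checksum_ok(lsp: bytes) -> bool:
    """Receiver check: both sums over LSP ID..end of PDU must be zero."""
    return fletcher_sums(lsp[LSP_ID_OFF:]) == (0, 0)

def auth_input(lsp: bytes) -> bytes:
    """Bytes the RFC 5304 HMAC covers: lifetime, checksum and auth value zeroed."""
    buf = bytearray(lsp)
    buf[LIFETIME_OFF:LIFETIME_OFF + 2] = buf[CKSUM_OFF:CKSUM_OFF + 2] = b"\x00\x00"
    buf[-16:] = bytes(16)  # the HMAC-MD5 Authentication TLV is the last TLV here
    return bytes(buf)

def auth_ok(lsp: bytes) -> bool:
    return hmac.compare_digest(lsp[-16:], hmac.new(KEY, auth_input(lsp), "md5").digest())

def build_lsp(lifetime: int, seq: int) -> bytes:
    """Constructed L2 LSP from system 0000.0000.0001: hostname TLV + auth TLV."""
    header = bytes([0x83, 27, 1, 0, 20, 1, 0, 0])  # common header, PDU type 20 = L2 LSP
    tlvs = bytes([137, 4]) + b"isr1" + bytes([10, 17, 54]) + bytes(16)  # 137 = hostname, 10/54 = HMAC-MD5
    fixed = struct.pack(">HH8sIHB", 27 + len(tlvs), lifetime, bytes(5) + b"\x01\x00\x00", seq, 0, 0x03)
    pdu = bytearray(header + fixed + tlvs)
    pdu[-16:] = hmac.new(KEY, auth_input(bytes(pdu)), "md5").digest()
    pdu[CKSUM_OFF:CKSUM_OFF + 2] = fletcher_check_bytes(bytes(pdu[LSP_ID_OFF:]), CKSUM_OFF - LSP_ID_OFF)
    return bytes(pdu)

def checks_after_rewrite(lsp: bytes, off: int, value: int) -> tuple[bool, bool]:
    """Rewrite a 16-bit field at `off` and report (checksum_ok, auth_ok) as a receiver would."""
    buf = lsp[:off] + struct.pack(">H", value) + lsp[off + 2:]
    return checksum_ok(buf), auth_ok(buf)
```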