Re: [lisp] Restarting last call on LISP threats

Ronald Bonica <rbonica@juniper.net> Tue, 10 June 2014 16:57 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/6iXTlcZJuaecPtfluzieEsKY2yA

Folks,

Earlier in this thread, we agreed that when LISP is deployed on the global Internet, mapping information cannot be gleaned safely from incoming LISP data packets. Following that train of thought, when LISP is deployed on the global Internet, is it safe to glean routing locator reachability information from incoming LISP data packets as described in RFC 6830, Section 6.3, bullet 1? If not, I think that we need to mention this in the threats document.

Given that ICMP packets are easily spoofed, when LISP is deployed on the global Internet, is it safe to glean routing locator reachability information from incoming ICMP packets as described in RFC 6830, Section 6.3, bullet 2 and bullet 4? If not, I think that we need to mention this in the threats document.

Ron Bonica