Re: [lisp] Restarting last call on LISP threats

Dino Farinacci <farinacci@gmail.com> Wed, 21 May 2014 22:57 UTC

Return-Path: <farinacci@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 270F61A00B1 for <lisp@ietfa.amsl.com>; Wed, 21 May 2014 15:57:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id paYqjWCT94w9 for <lisp@ietfa.amsl.com>; Wed, 21 May 2014 15:57:44 -0700 (PDT)
Received: from mail-qg0-x22e.google.com (mail-qg0-x22e.google.com [IPv6:2607:f8b0:400d:c04::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 610821A03C7 for <lisp@ietf.org>; Wed, 21 May 2014 15:57:44 -0700 (PDT)
Received: by mail-qg0-f46.google.com with SMTP id q108so4228289qgd.19 for <lisp@ietf.org>; Wed, 21 May 2014 15:57:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=7Y+M/WmdWJH+Uewl9JIhtT4J4va2kOSI5DrDWLA10OY=; b=e85p5tMY05/jBrIfip7A99AxDe6rPd22D90IoSN5NMZLyB6Q7swLWsKcRTFGlsCQzp PBHj1FrjBJl6ZyWpNAWcQ1GhMfV9JEBOSyc47F+Tq0nHaiqWzxzyFQnfV2RK/e7aNiJM Cax1Ue5NdfQLfkCkoZPMOy1oHhcRKotfEIlqLDN4m3P4UdfanbCWwVUU6SmNbCYg8Zb1 UrSjnHQHdRCw5uFi/n1SqSZFddWWmtS+ygTj3waLn9jFgzgaro7CHzA8cY+QfwKD5B2V EaVdj7l/iEZBAQJXuKhH/zVuL6pnFrlkvGezc/p9LFXpgd34fO1BdShStMJ0DKZwJEx2 KDLg==
X-Received: by 10.140.97.55 with SMTP id l52mr71106883qge.19.1400713062946; Wed, 21 May 2014 15:57:42 -0700 (PDT)
Received: from [10.77.0.78] (mobile-198-228-204-213.mycingular.net. [198.228.204.213]) by mx.google.com with ESMTPSA id r14sm1564074qga.4.2014.05.21.15.57.41 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 21 May 2014 15:57:41 -0700 (PDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (1.0)
From: Dino Farinacci <farinacci@gmail.com>
X-Mailer: iPhone Mail (11D167)
In-Reply-To: <e3be912f6afd4f0aa6c8414fede37c74@CO1PR05MB442.namprd05.prod.outlook.com>
Date: Wed, 21 May 2014 18:57:41 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <2CF699DA-2BAA-4A76-BFF1-64625E001184@gmail.com>
References: <536CFA13.4010102@joelhalpern.com> <4e6c0aaac8fb4aba87ab137cc49b51dc@CO2PR05MB636.namprd05.prod.outlook.com> <CAKFn1SH_gu1+e6EsWESBsRw9EGiSQ+Z5r9E7GEhMO1FdNuM9nQ@mail.gmail.com> <1a200c5f5de041fbaf88edd1a5c3159c@CO1PR05MB442.namprd05.prod.outlook.com> <CAKFn1SEAZyydpQ4cx77mthsUx1HZqMwsM6xNuL4LJjG=oL1mjw@mail.gmail.com> <860b7987207345afb282a82862ff42c0@CO1PR05MB442.namprd05.prod.outlook.com> <F4799A7A-BAEF-458A-8C43-9DF16C9B7828@gmail.com> <e3be912f6afd4f0aa6c8414fede37c74@CO1PR05MB442.namprd05.prod.outlook.com>
To: Ronald Bonica <rbonica@juniper.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/HJubi05yrCogC98o3_96e8KspOw
Cc: Roger Jorgensen <rogerj@gmail.com>, "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [lisp] Restarting last call on LISP threats
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 May 2014 22:57:46 -0000

> The attacker sends a flow of crafted packets to the victim XTR. Each packet is a well-formed LISP data packet. It contains:
> 
> - an outer IP header (LOC->LOC)
> - a UDP header
> - a LISP Header
> - an IP header (EID->EID)
> - payload

Just like a regular packet I can send to your home router today. So yes, okay. So let's continue. See comments below.

> Each packet contains control plane information that is new to the victim

Be more specific about what control information is in these encapsulated packets.

> XTR. For example, the victim XTR has no mapping information regarding either the source LOC or source EID prefix. Rather than gleaning this mapping information from the crafted packet, the victim XTR sends a verifying MAP-REQUEST to the mapping system.
> 
> Assume that the attack flow is large (N packets per second). Assume also that the XTR's rate limit for MAP-REQUEST messages is less than N packets per second. Has the attack not effectively DoS'd the victim XTR?

It caches the rate the packets are coming in and eventually stops sending Map-Requests completely.

It cannot stop the incoming rate of packets today, just like a rogue BGP attacker can send millions of packets per second to a peer regardless of whether it does or does not have the peer authentication key.

> To make this attack work, every packet in the attack flow may need to have a unique, spoofed, source LOC.

An implementation can detect, after rate limiting, that 1000s of such requests are happening and just stop operation.

What if I sent a Juniper 20 million routes today?

The Internet is very fragile and LISP IS NOT making it worse. And in some cases it is making it better with integrated techniques. 

Dino
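The exchange above argues about two xTR behaviours for a packet whose source RLOC and source EID are unknown: glean the mapping from the packet, or refuse to glean and send a rate-limited verifying Map-Request. The model below is an added example, not code from the thread or from any LISP implementation. It builds packets of exactly the shape Ron lists (outer IPv4 LOC->LOC, UDP to port 4341, 8-byte LISP header, inner IPv4 EID->EID), replays a flood with a unique spoofed source RLOC and EID per packet against a gleaning xTR and a verifying xTR, and counts what each one does. The token-bucket limiter, the cut-off of 1000 suppressed requests after which the verifier stops sending Map-Requests (Dino's "eventually stops sending Map-Requests completely"), the flood rate and all addresses are assumptions chosen for the simulation; Map-Replies are not modelled, so the verifier's cache stays empty, which is the point: a flood never earns a cache entry.

```python
import struct
import ipaddress
from typing import Dict, Set, Tuple

LISP_DATA_PORT = 4341  # UDP port for LISP encapsulated data (RFC 6830)


def build_lisp_packet(src_rloc: str, dst_rloc: str, src_eid: str, dst_eid: str,
                      nonce: int = 0, payload: bytes = b"") -> bytes:
    """Constructed packet of the shape in the thread: outer IPv4 (LOC->LOC) | UDP |
    8-byte LISP header | inner IPv4 (EID->EID) | payload. Checksums are left zero."""
    def ipv4(src: str, dst: str, total_len: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 17, 0,
                           ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    inner = ipv4(src_eid, dst_eid, 20 + len(payload)) + payload
    # LISP header: flag byte with N=1 (nonce present), 24-bit nonce, 32-bit instance-ID/LSB word
    lisp_hdr = struct.pack("!B3sI", 0x80, nonce.to_bytes(3, "big"), 0)
    udp_len = 8 + len(lisp_hdr) + len(inner)
    udp = struct.pack("!HHHH", LISP_DATA_PORT, LISP_DATA_PORT, udp_len, 0)
    return ipv4(src_rloc, dst_rloc, 20 + udp_len) + udp + lisp_hdr + inner


def parse_lisp_packet(pkt: bytes) -> Tuple[str, str]:
    """Return (source RLOC, source EID) from a LISP data packet, rejecting malformed ones."""
    if len(pkt) < 20 + 8 + 8 + 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        raise ValueError("outer header is not IPv4/UDP or packet is truncated")
    ihl = (pkt[0] & 0x0F) * 4
    src_rloc = str(ipaddress.IPv4Address(pkt[12:16]))
    if struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0] != LISP_DATA_PORT:
        raise ValueError("not a LISP data packet")
    inner = pkt[ihl + 8 + 8:]  # skip the UDP header and the 8-byte LISP header
    if len(inner) < 20 or inner[0] >> 4 != 4:
        raise ValueError("inner header is not IPv4")
    return src_rloc, str(ipaddress.IPv4Address(inner[12:16]))


class GleaningXtr:
    """xTR that trusts the packet: every unknown source EID is installed with the packet's RLOC."""
    def __init__(self) -> None:
        self.map_cache: Dict[str, str] = {}

    def receive(self, pkt: bytes, now: float) -> str:
        src_rloc, src_eid = parse_lisp_packet(pkt)
        if src_eid not in self.map_cache:
            self.map_cache[src_eid] = src_rloc  # attacker-chosen mapping lands in the cache
            return "glean"
        return "forward"


class VerifyingXtr:
    """xTR that never gleans. An unknown source triggers a Map-Request, subject to a token
    bucket, and once `suppress_after` requests have been suppressed it stops sending them
    altogether. Bucket size, rate and cut-off are assumed parameters, not RFC values."""
    def __init__(self, max_requests_per_sec: float, suppress_after: int) -> None:
        self.map_cache: Dict[str, str] = {}  # filled only by Map-Replies (not modelled)
        self.rate = self.tokens = max_requests_per_sec
        self.last = 0.0
        self.suppress_after = suppress_after
        self.pending: Set[str] = set()
        self.map_requests_sent = self.suppressed = self.dropped = 0

    def receive(self, pkt: bytes, now: float) -> str:
        src_rloc, src_eid = parse_lisp_packet(pkt)
        if src_eid in self.map_cache:
            return "forward"
        self.tokens = min(self.rate, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.suppressed >= self.suppress_after:  # flood persists: go quiet
            self.dropped += 1
            return "drop-quiet"
        if self.tokens >= 1.0 and src_eid not in self.pending:
            self.tokens -= 1.0
            self.pending.add(src_eid)
            self.map_requests_sent += 1
            return "map-request"
        self.suppressed += 1
        self.dropped += 1
        return "drop"


def simulate_flood(pps: int, seconds: float, max_requests_per_sec: float = 100.0,
                   suppress_after: int = 1000) -> Dict[str, int]:
    """Ron's attack: `pps` well-formed packets per second, each with a unique spoofed source
    RLOC (from 198.18.0.0/15) and source EID (from 10.0.0.0/8), constructed addresses."""
    gleaner, verifier = GleaningXtr(), VerifyingXtr(max_requests_per_sec, suppress_after)
    total = int(pps * seconds)
    for i in range(total):
        now = i / pps
        rloc = str(ipaddress.IPv4Address("198.18.0.0") + i)
        eid = str(ipaddress.IPv4Address("10.0.0.0") + i)
        pkt = build_lisp_packet(rloc, "198.51.100.1", eid, "10.255.0.1", nonce=i & 0xFFFFFF)
        gleaner.receive(pkt, now)
        verifier.receive(pkt, now)
    return {
        "packets": total,
        "gleaned_bogus_mappings": len(gleaner.map_cache),
        "map_requests_sent": verifier.map_requests_sent,
        "verifier_cache_entries": len(verifier.map_cache),
        "suppressed_before_going_quiet": verifier.suppressed,
        "dropped": verifier.dropped,
    }


if __name__ == "__main__":
    print(simulate_flood(pps=5000, seconds=2.0))
```

With 5000 packets per second for two seconds against a 100-per-second bucket, the gleaner ends up with 10000 attacker-chosen EID-to-RLOC entries, while the verifier sends on the order of 120 Map-Requests (the full bucket plus the trickle the refill allows) before the cut-off silences it, caches nothing, and drops everything else. What neither design can do is stop the 10000 packets from arriving, which is Dino's point about the incoming rate.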