IETF Logo Mail Archive

Re: [lisp] Restarting last call on LISP threats

Ronald Bonica <rbonica@juniper.net> Tue, 10 June 2014 17:06 UTC

Return-Path: <rbonica@juniper.net>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F5D91A0239 for <lisp@ietfa.amsl.com>; Tue, 10 Jun 2014 10:06:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.601
X-Spam-Level:
X-Spam-Status: No, score=-102.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FzG0oEiXOVu9 for <lisp@ietfa.amsl.com>; Tue, 10 Jun 2014 10:06:46 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0208.outbound.protection.outlook.com [207.46.163.208]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0B231A019B for <lisp@ietf.org>; Tue, 10 Jun 2014 10:06:45 -0700 (PDT)
Received: from CO1PR05MB442.namprd05.prod.outlook.com (10.141.73.146) by CO1PR05MB444.namprd05.prod.outlook.com (10.141.73.140) with Microsoft SMTP Server (TLS) id 15.0.949.11; Tue, 10 Jun 2014 17:06:43 +0000
Received: from CO1PR05MB442.namprd05.prod.outlook.com ([169.254.13.68]) by CO1PR05MB442.namprd05.prod.outlook.com ([169.254.13.92]) with mapi id 15.00.0949.001; Tue, 10 Jun 2014 17:06:43 +0000
From: Ronald Bonica <rbonica@juniper.net>
To: Dino Farinacci <farinacci@gmail.com>
Thread-Topic: [lisp] Restarting last call on LISP threats
Thread-Index: AQHPhM36v1z5qcx3GU+Mb5TT+ra0YZtqkpgA
Date: Tue, 10 Jun 2014 17:06:42 +0000
Message-ID: <a7c188aabbfe41ef80645d2ee1d6df99@CO1PR05MB442.namprd05.prod.outlook.com>
References: <d690563db20d4fca945b810a14f37090@CO1PR05MB442.namprd05.prod.outlook.com> <B3A9D234-A6A2-45DC-B8FA-623B3A86DCE8@gmail.com>
In-Reply-To: <B3A9D234-A6A2-45DC-B8FA-623B3A86DCE8@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [66.129.241.11]
x-microsoft-antispam: BL:0; ACTION:Default; RISK:Low; SCL:0; SPMLVL:NotSpam; PCL:0; RULEID:
x-forefront-prvs: 0238AEEDB0
x-forefront-antispam-report: SFV:NSPM; SFS:(6009001)(428001)(24454002)(13464003)(377454003)(51704005)(51444003)(189002)(199002)(79102001)(2656002)(83072002)(77982001)(80022001)(66066001)(85852003)(99396002)(76482001)(4396001)(46102001)(86362001)(76576001)(20776003)(19580395003)(64706001)(21056001)(1411001)(19580405001)(33646001)(81542001)(76176999)(74316001)(74662001)(101416001)(54356999)(87936001)(74502001)(50986999)(31966008)(83322001)(92566001)(81342001)(24736002); DIR:OUT; SFP:; SCL:1; SRVR:CO1PR05MB444; H:CO1PR05MB442.namprd05.prod.outlook.com; FPR:; MLV:sfv; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (: juniper.net does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=rbonica@juniper.net;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/Rll-JwMSMsfuW7C1rYrJ3qYkBm0
Cc: LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] Restarting last call on LISP threats
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jun 2014 17:06:47 -0000

Hi Dino,

Given that the LISP data packet or ICMP packet may be from an attacker, is it even safe to glean that? I think not.

                                                                                                                Ron


> -----Original Message-----
> From: Dino Farinacci [mailto:farinacci@gmail.com]
> Sent: Tuesday, June 10, 2014 1:04 PM
> To: Ronald Bonica
> Cc: LISP mailing list list
> Subject: Re: [lisp] Restarting last call on LISP threats
> 
> 
> On Jun 10, 2014, at 9:57 AM, Ronald Bonica <rbonica@juniper.net> wrote:
> 
> > Earlier in this thread, we agreed that when LISP is deployed on the global
> Internet, mapping information cannot be gleaned safely from incoming LISP
> data packets. Following that train of thought, when LISP is deployed on the
> global Internet, is it safe to glean routing locator reachability information
> from incoming LISP data packets as described in RFC 6830, Section 6.3, bullet
> 1. If not, I think that we need to mention this in the threats document.
> 
> What you can glean is that the source RLOC is up, but you cannot glean your
> path to it is reachable.
> 
> > Given that ICMP packets are easily spoofed, when LISP is deployed on the
> global Internet, is it safe to glean routing locator reachability information
> from incoming ICMP packets as described in RFC 6830, Section 6.3, bullet 2
> and bullet 4. If not, I think that we need to mention this in the threats
> document.
> 
> What you can glean is that the source RLOC is up, but you cannot glean your
> path to it is reachable.
> 
> Dino
>

v2.23.0 | Report a Bug | By Email