Re: [lisp] Restarting last call on LISP threats
Ronald Bonica <rbonica@juniper.net> Thu, 12 June 2014 00:17 UTC
Return-Path: <rbonica@juniper.net>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 037971B28F0 for <lisp@ietfa.amsl.com>; Wed, 11 Jun 2014 17:17:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.902
X-Spam-Level:
X-Spam-Status: No, score=-101.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tAj4JE8VbsI4 for <lisp@ietfa.amsl.com>; Wed, 11 Jun 2014 17:17:48 -0700 (PDT)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1lp0142.outbound.protection.outlook.com [207.46.163.142]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03F601B28E0 for <lisp@ietf.org>; Wed, 11 Jun 2014 17:17:47 -0700 (PDT)
Received: from CO1PR05MB442.namprd05.prod.outlook.com (10.141.73.146) by CO1PR05MB441.namprd05.prod.outlook.com (10.141.73.147) with Microsoft SMTP Server (TLS) id 15.0.949.11; Thu, 12 Jun 2014 00:17:45 +0000
Received: from CO1PR05MB442.namprd05.prod.outlook.com ([169.254.13.68]) by CO1PR05MB442.namprd05.prod.outlook.com ([169.254.13.92]) with mapi id 15.00.0949.001; Thu, 12 Jun 2014 00:17:45 +0000
From: Ronald Bonica <rbonica@juniper.net>
To: "Darrel Lewis (darlewis)" <darlewis@cisco.com>, "Joel M. Halpern" <jmh@joelhalpern.com>
Thread-Topic: [lisp] Restarting last call on LISP threats
Thread-Index: AQHPhM36v1z5qcx3GU+Mb5TT+ra0YZtqkpgAgAADiACAAek/gIAAHWtg
Date: Thu, 12 Jun 2014 00:17:44 +0000
Message-ID: <3608b211928f4d39b0c5a0c18da0ef29@CO1PR05MB442.namprd05.prod.outlook.com>
References: <d690563db20d4fca945b810a14f37090@CO1PR05MB442.namprd05.prod.outlook.com> <B3A9D234-A6A2-45DC-B8FA-623B3A86DCE8@gmail.com> <a7c188aabbfe41ef80645d2ee1d6df99@CO1PR05MB442.namprd05.prod.outlook.com> <53973DAE.4050000@joelhalpern.com> <3F96F55B-ED0A-436A-97F5-2196B81A1B91@cisco.com>
In-Reply-To: <3F96F55B-ED0A-436A-97F5-2196B81A1B91@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [66.129.241.12]
x-microsoft-antispam: BL:0; ACTION:Default; RISK:Low; SCL:0; SPMLVL:NotSpam; PCL:0; RULEID:
x-forefront-prvs: 02408926C4
x-forefront-antispam-report: SFV:NSPM; SFS:(6009001)(428001)(24454002)(51444003)(51704005)(479174003)(377454003)(13464003)(199002)(189002)(20776003)(80022001)(46102001)(85852003)(83072002)(76482001)(86362001)(66066001)(76576001)(64706001)(77982001)(83322001)(74316001)(92566001)(33646001)(87936001)(101416001)(21056001)(2656002)(99286001)(54356999)(76176999)(50986999)(99396002)(31966008)(81542001)(19580405001)(81342001)(79102001)(15975445006)(19580395003)(93886003)(74662001)(4396001)(74502001)(24736002); DIR:OUT; SFP:; SCL:1; SRVR:CO1PR05MB441; H:CO1PR05MB442.namprd05.prod.outlook.com; FPR:; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (: juniper.net does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=rbonica@juniper.net;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: juniper.net
Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/iraMo3pZQODDtmNl7kte6sAz-F0
Cc: LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] Restarting last call on LISP threats
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jun 2014 00:17:51 -0000
Hi Darrel, Does IOS implement a single RLOC Probe rate limiter (i.e. one rate limiter per box)? Or does it implement one rate limiter per RLOC? Ron > -----Original Message----- > From: Darrel Lewis (darlewis) [mailto:darlewis@cisco.com] > Sent: Wednesday, June 11, 2014 6:29 PM > To: Joel M. Halpern > Cc: Darrel Lewis (darlewis); Ronald Bonica; Dino Farinacci; LISP mailing list list > Subject: Re: [lisp] Restarting last call on LISP threats > > > On Jun 10, 2014, at 10:17 AM, Joel M. Halpern <jmh@joelhalpern.com> > wrote: > > > I think that the treat scopes for the two cases are different. Gleaning new > RLOCs is clearly a significant risk. > > Gleaning the liveness of an RLOC from the fact that it appears to be > > talking to you is a much lower risk. With a much higher benefit. I > > have no problem with noting that there is a risk, albeit somewhat > > complex. But it should not be viewed in the same manner. (All > > security is a matter of costs and benefits.) > > And to add one more bit of detail here, gleaning the liveness of an RLOC > who's status bit has changed can be (and is in our IOS implementation) > verified by a rate-limited RLOC Probe. > > -Darrel > > > > > Yours, > > Joel > > > > On 6/10/14, 1:06 PM, Ronald Bonica wrote: > >> Hi Dino, > >> > >> Given that the LISP data packet or ICMP packet may be from an attacker, > is it even safe to glean that? I think not. > >> > >> > >> Ron > >> > >> > >>> -----Original Message----- > >>> From: Dino Farinacci [mailto:farinacci@gmail.com] > >>> Sent: Tuesday, June 10, 2014 1:04 PM > >>> To: Ronald Bonica > >>> Cc: LISP mailing list list > >>> Subject: Re: [lisp] Restarting last call on LISP threats > >>> > >>> > >>> On Jun 10, 2014, at 9:57 AM, Ronald Bonica <rbonica@juniper.net> > wrote: > >>> > >>>> Earlier in this thread, we agreed that when LISP is deployed on the > >>>> global > >>> Internet, mapping information cannot be gleaned safely from incoming > >>> LISP data packets. Following that train of thought, when LISP is > >>> deployed on the global Internet, is it safe to glean routing locator > >>> reachability information from incoming LISP data packets as > >>> described in RFC 6830, Section 6.3, bullet 1. If not, I think that we need to > mention this in the threats document. > >>> > >>> What you can glean is that the source RLOC is up, but you cannot > >>> glean your path to it is reachable. > >>> > >>>> Given that ICMP packets are easily spoofed, when LISP is deployed > >>>> on the > >>> global Internet, is it safe to glean routing locator reachability > >>> information from incoming ICMP packets as described in RFC 6830, > >>> Section 6.3, bullet 2 and bullet 4. If not, I think that we need to > >>> mention this in the threats document. > >>> > >>> What you can glean is that the source RLOC is up, but you cannot > >>> glean your path to it is reachable. > >>> > >>> Dino > >>> > >> > >> _______________________________________________ > >> lisp mailing list > >> lisp@ietf.org > >> https://www.ietf.org/mailman/listinfo/lisp > >> > > > > _______________________________________________ > > lisp mailing list > > lisp@ietf.org > > https://www.ietf.org/mailman/listinfo/lisp
- [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Roger Jørgensen
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Roger Jørgensen
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Joel Halpern Direct
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Sander Steffann
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Roger Jørgensen
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Damien Saucez
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Damien Saucez
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Damien Saucez
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Damien Saucez
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Roger Jørgensen
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Sharon
- Re: [lisp] Restarting last call on LISP threats Paul Vinciguerra
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Marc Binderberger
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Sharon Barkai
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Damien Saucez
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Florin Coras
- Re: [lisp] Restarting last call on LISP threats Marc Binderberger
- Re: [lisp] Restarting last call on LISP threats Florin Coras
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Darrel Lewis (darlewis)
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Damien Saucez
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Luigi Iannone
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Damien Saucez
- Re: [lisp] Restarting last call on LISP threats Brian Haberman
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Brian Haberman
- Re: [lisp] Restarting last call on LISP threats Luigi Iannone
- Re: [lisp] Restarting last call on LISP threats Luigi Iannone
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern