IETF Logo Mail Archive

Re: [lisp] Restarting last call on LISP threats

Damien Saucez <damien.saucez@gmail.com> Fri, 23 May 2014 13:06 UTC

Return-Path: <damien.saucez@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AFD01A01CD for <lisp@ietfa.amsl.com>; Fri, 23 May 2014 06:06:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.649
X-Spam-Level:
X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HELO_EQ_FR=0.35, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PCHwzTlXU2ak for <lisp@ietfa.amsl.com>; Fri, 23 May 2014 06:06:40 -0700 (PDT)
Received: from mail-wi0-x22d.google.com (mail-wi0-x22d.google.com [IPv6:2a00:1450:400c:c05::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 868DD1A0484 for <lisp@ietf.org>; Fri, 23 May 2014 06:06:39 -0700 (PDT)
Received: by mail-wi0-f173.google.com with SMTP id bs8so804996wib.12 for <lisp@ietf.org>; Fri, 23 May 2014 06:06:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=4YdRuRKN6Drg1ZwWtnUwSGfYfUEf91aFpHNkOY4UXok=; b=ST1u918IMWo/jNH9czdYP01OkyHtPfMklup3NZnARr1wxK8g0cPqfEX9rpGNtaaMNk xjLd5X95wvwUV3WCgDM4pXEG405UKwMwarSqe07W2vTInhdZ9aODysfHNxVoAc21sall VESxomU6QlMeUdWEF8F+l7hWP0yqjN7Pbe7ty8PqOE3or8yKlVImuLySEOr/Ff1+dBjp eMwKf0SZgxGTIxwfCp9aRcq7EPtKMrATBWz+jc0L4+ZOPVgA4XD0XBh3rrfdIhyxDRDn Xa5Q9MB5N+xqVjAZU9PZ8ph3IzFinGEHErg9dib3rxmb19+IfvxaLpm55Tf8vECxb+bo DUfQ==
X-Received: by 10.194.5.5 with SMTP id o5mr4236320wjo.16.1400850396761; Fri, 23 May 2014 06:06:36 -0700 (PDT)
Received: from faucon.inria.fr (faucon.inria.fr. [138.96.201.73]) by mx.google.com with ESMTPSA id ln3sm3859894wjc.8.2014.05.23.06.06.35 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 23 May 2014 06:06:35 -0700 (PDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_DE9C606C-A0FF-4BD8-9BBD-9983ACDA443C"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
From: Damien Saucez <damien.saucez@gmail.com>
In-Reply-To: <09d3b0d276004c88b6de1a59cf863062@CO1PR05MB442.namprd05.prod.outlook.com>
Date: Fri, 23 May 2014 15:06:34 +0200
Message-Id: <3269BEE4-C3E5-4D76-A1C0-0B70B6928A12@gmail.com>
References: <536CFA13.4010102@joelhalpern.com> <4e6c0aaac8fb4aba87ab137cc49b51dc@CO2PR05MB636.namprd05.prod.outlook.com> <CAKFn1SH_gu1+e6EsWESBsRw9EGiSQ+Z5r9E7GEhMO1FdNuM9nQ@mail.gmail.com> <1a200c5f5de041fbaf88edd1a5c3159c@CO1PR05MB442.namprd05.prod.outlook.com> <CAKFn1SEAZyydpQ4cx77mthsUx1HZqMwsM6xNuL4LJjG=oL1mjw@mail.gmail.com> <860b7987207345afb282a82862ff42c0@CO1PR05MB442.namprd05.prod.outlook.com> <F4799A7A-BAEF-458A-8C43-9DF16C9B7828@gmail.com> <e3be912f6afd4f0aa6c8414fede37c74@CO1PR05MB442.namprd05.prod.outlook.com> <2CF699DA-2BAA-4A76-BFF1-64625E001184@gmail.com> <09d3b0d276004c88b6de1a59cf863062@CO1PR05MB442.namprd05.prod.outlook.com>
To: Ronald Bonica <rbonica@juniper.net>
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/q719iS5HLIl6gIT1dIKzwHWMqUI
Cc: Roger Jorgensen <rogerj@gmail.com>, LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] Restarting last call on LISP threats
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 May 2014 13:06:42 -0000

Hello Ronald,


On 22 May 2014, at 22:57, Ronald Bonica <rbonica@juniper.net> wrote:

> Dino,
> 
> Today's Internet is not as fragile as you think. This mail traversed many routers between my house and yours. If those routers are well-managed, there is nothing that I can do from my house that will cause any of those routers to consume control plane resources. Therefore, there is nothing that I can do from my house that will cause a DoS attack against those routers' control planes.
> 
We tend to disagree with that, for example you have ICMP today...

> In LISP, separation between the forwarding and control plane is lost. As a matter of course, forwarding plane activity causes control plane activity. Since forwarding plane bandwidth exceeds control plane bandwidth, DoS attacks against the control plane are possible.
> 
> In order to be complete, the threats document must describe the DoS threat. It should also describe mitigations, if any exist.
> 

DoS is already explained and the definition given:

" A Denial of Service (DoS) attack aims at disrupting a specific
   targeted service either by exhausting the resources of the victim up
   to the point that it is not able to provide a reliable service to
   legit traffic and/or systems or by exploiting vulnerabilities to make
   the targeted service unable to operate properly.
"

is covering the case you mention.

Damien Saucez 

>                                                                                               Ron
> 
> 
>> -----Original Message-----
>> From: Dino Farinacci [mailto:farinacci@gmail.com]
>> Sent: Wednesday, May 21, 2014 6:58 PM
>> To: Ronald Bonica
>> Cc: Roger Jorgensen; lisp@ietf.org
>> Subject: Re: [lisp] Restarting last call on LISP threats
>> 
>>> The attacker sends a flow of crafted packets to the victim XTR. Each packet
>> is a well-formed LISP data packet. It contains:
>>> 
>>> - an outer IP header (LOC->LOC)
>>> - a UDP header
>>> - a LISP Header
>>> - an IP header (EID->EID)
>>> - payload
>> 
>> Just like a regular packet I can send to your home router today. So yes okay.
>> So let's continue. See comments below.
>> 
>>> Each packet contains control plane information that is new to the victim
>> 
>> Be more specific about what control information are in these encapsulated
>> packets.
>> 
>>> XTR. For example, the victim XTR has no mapping information regarding
>> either the source LOC or source EID prefix. Rather than gleaning this mapping
>> information from the crafted packet, the victim XTR sends a verifying MAP-
>> REQUEST to the mapping system.
>>> 
>>> Assume that the attack flow is large (N packets per second). Assume also
>> that the XTRs rate limit for MAP-REQUEST messages is less than N packets
>> per second. Has the attack not effectively DoS'd the victim XTR?
>> 
>> It caches the rate the rate the packets are coming in and eventually stops
>> sending Map-Requests completely.
>> 
>> It cannot stop the incoming rate of packets today just like a roque BGP
>> attacker can send millions of packets per second to a peer regardless if it
>> does or does not have the peer authentication key.
>> 
>>> To make this attack work, every packet in the attack flow may need to have
>> a unique, spoofed, source LOC.
>> 
>> An implementation can detect that after rate limiting 1000s of such requests
>> are happening that it just stops operation.
>> 
>> What if I sent a Juniper 20 million routes today?
>> 
>> The Internet is very fragile and LISP IS NOT making it worse. And in some
>> cases it is making it better with integrated techniques.
>> 
>> Dino
> 
> _______________________________________________
> lisp mailing list
> lisp@ietf.org
> https://www.ietf.org/mailman/listinfo/lisp

v2.23.0 | Report a Bug | By Email