Re: [lisp] Restarting last call on LISP threats
Damien Saucez <damien.saucez@gmail.com> Fri, 23 May 2014 13:06 UTC
Return-Path: <damien.saucez@gmail.com>
X-Original-To: lisp@ietfa.amsl.com
Delivered-To: lisp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AFD01A01CD for <lisp@ietfa.amsl.com>; Fri, 23 May 2014 06:06:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.649
X-Spam-Level:
X-Spam-Status: No, score=-1.649 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HELO_EQ_FR=0.35, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PCHwzTlXU2ak for <lisp@ietfa.amsl.com>; Fri, 23 May 2014 06:06:40 -0700 (PDT)
Received: from mail-wi0-x22d.google.com (mail-wi0-x22d.google.com [IPv6:2a00:1450:400c:c05::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 868DD1A0484 for <lisp@ietf.org>; Fri, 23 May 2014 06:06:39 -0700 (PDT)
Received: by mail-wi0-f173.google.com with SMTP id bs8so804996wib.12 for <lisp@ietf.org>; Fri, 23 May 2014 06:06:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=4YdRuRKN6Drg1ZwWtnUwSGfYfUEf91aFpHNkOY4UXok=; b=ST1u918IMWo/jNH9czdYP01OkyHtPfMklup3NZnARr1wxK8g0cPqfEX9rpGNtaaMNk xjLd5X95wvwUV3WCgDM4pXEG405UKwMwarSqe07W2vTInhdZ9aODysfHNxVoAc21sall VESxomU6QlMeUdWEF8F+l7hWP0yqjN7Pbe7ty8PqOE3or8yKlVImuLySEOr/Ff1+dBjp eMwKf0SZgxGTIxwfCp9aRcq7EPtKMrATBWz+jc0L4+ZOPVgA4XD0XBh3rrfdIhyxDRDn Xa5Q9MB5N+xqVjAZU9PZ8ph3IzFinGEHErg9dib3rxmb19+IfvxaLpm55Tf8vECxb+bo DUfQ==
X-Received: by 10.194.5.5 with SMTP id o5mr4236320wjo.16.1400850396761; Fri, 23 May 2014 06:06:36 -0700 (PDT)
Received: from faucon.inria.fr (faucon.inria.fr. [138.96.201.73]) by mx.google.com with ESMTPSA id ln3sm3859894wjc.8.2014.05.23.06.06.35 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 23 May 2014 06:06:35 -0700 (PDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_DE9C606C-A0FF-4BD8-9BBD-9983ACDA443C"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
From: Damien Saucez <damien.saucez@gmail.com>
In-Reply-To: <09d3b0d276004c88b6de1a59cf863062@CO1PR05MB442.namprd05.prod.outlook.com>
Date: Fri, 23 May 2014 15:06:34 +0200
Message-Id: <3269BEE4-C3E5-4D76-A1C0-0B70B6928A12@gmail.com>
References: <536CFA13.4010102@joelhalpern.com> <4e6c0aaac8fb4aba87ab137cc49b51dc@CO2PR05MB636.namprd05.prod.outlook.com> <CAKFn1SH_gu1+e6EsWESBsRw9EGiSQ+Z5r9E7GEhMO1FdNuM9nQ@mail.gmail.com> <1a200c5f5de041fbaf88edd1a5c3159c@CO1PR05MB442.namprd05.prod.outlook.com> <CAKFn1SEAZyydpQ4cx77mthsUx1HZqMwsM6xNuL4LJjG=oL1mjw@mail.gmail.com> <860b7987207345afb282a82862ff42c0@CO1PR05MB442.namprd05.prod.outlook.com> <F4799A7A-BAEF-458A-8C43-9DF16C9B7828@gmail.com> <e3be912f6afd4f0aa6c8414fede37c74@CO1PR05MB442.namprd05.prod.outlook.com> <2CF699DA-2BAA-4A76-BFF1-64625E001184@gmail.com> <09d3b0d276004c88b6de1a59cf863062@CO1PR05MB442.namprd05.prod.outlook.com>
To: Ronald Bonica <rbonica@juniper.net>
X-Mailer: Apple Mail (2.1878.2)
Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/q719iS5HLIl6gIT1dIKzwHWMqUI
Cc: Roger Jorgensen <rogerj@gmail.com>, LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] Restarting last call on LISP threats
X-BeenThere: lisp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: List for the discussion of the Locator/ID Separation Protocol <lisp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/lisp>, <mailto:lisp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/lisp/>
List-Post: <mailto:lisp@ietf.org>
List-Help: <mailto:lisp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/lisp>, <mailto:lisp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 May 2014 13:06:42 -0000
Hello Ronald, On 22 May 2014, at 22:57, Ronald Bonica <rbonica@juniper.net> wrote: > Dino, > > Today's Internet is not as fragile as you think. This mail traversed many routers between my house and yours. If those routers are well-managed, there is nothing that I can do from my house that will cause any of those routers to consume control plane resources. Therefore, there is nothing that I can do from my house that will cause a DoS attack against those routers' control planes. > We tend to disagree with that, for example you have ICMP today... > In LISP, separation between the forwarding and control plane is lost. As a matter of course, forwarding plane activity causes control plane activity. Since forwarding plane bandwidth exceeds control plane bandwidth, DoS attacks against the control plane are possible. > > In order to be complete, the threats document must describe the DoS threat. It should also describe mitigations, if any exist. > DoS is already explained and the definition given: " A Denial of Service (DoS) attack aims at disrupting a specific targeted service either by exhausting the resources of the victim up to the point that it is not able to provide a reliable service to legit traffic and/or systems or by exploiting vulnerabilities to make the targeted service unable to operate properly. " is covering the case you mention. Damien Saucez > Ron > > >> -----Original Message----- >> From: Dino Farinacci [mailto:farinacci@gmail.com] >> Sent: Wednesday, May 21, 2014 6:58 PM >> To: Ronald Bonica >> Cc: Roger Jorgensen; lisp@ietf.org >> Subject: Re: [lisp] Restarting last call on LISP threats >> >>> The attacker sends a flow of crafted packets to the victim XTR. Each packet >> is a well-formed LISP data packet. It contains: >>> >>> - an outer IP header (LOC->LOC) >>> - a UDP header >>> - a LISP Header >>> - an IP header (EID->EID) >>> - payload >> >> Just like a regular packet I can send to your home router today. So yes okay. >> So let's continue. See comments below. >> >>> Each packet contains control plane information that is new to the victim >> >> Be more specific about what control information are in these encapsulated >> packets. >> >>> XTR. For example, the victim XTR has no mapping information regarding >> either the source LOC or source EID prefix. Rather than gleaning this mapping >> information from the crafted packet, the victim XTR sends a verifying MAP- >> REQUEST to the mapping system. >>> >>> Assume that the attack flow is large (N packets per second). Assume also >> that the XTRs rate limit for MAP-REQUEST messages is less than N packets >> per second. Has the attack not effectively DoS'd the victim XTR? >> >> It caches the rate the rate the packets are coming in and eventually stops >> sending Map-Requests completely. >> >> It cannot stop the incoming rate of packets today just like a roque BGP >> attacker can send millions of packets per second to a peer regardless if it >> does or does not have the peer authentication key. >> >>> To make this attack work, every packet in the attack flow may need to have >> a unique, spoofed, source LOC. >> >> An implementation can detect that after rate limiting 1000s of such requests >> are happening that it just stops operation. >> >> What if I sent a Juniper 20 million routes today? >> >> The Internet is very fragile and LISP IS NOT making it worse. And in some >> cases it is making it better with integrated techniques. >> >> Dino > > _______________________________________________ > lisp mailing list > lisp@ietf.org > https://www.ietf.org/mailman/listinfo/lisp
- [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Roger Jørgensen
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Roger Jørgensen
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Joel Halpern Direct
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Sander Steffann
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Roger Jørgensen
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Damien Saucez
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Damien Saucez
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Damien Saucez
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Damien Saucez
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Roger Jørgensen
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Sharon
- Re: [lisp] Restarting last call on LISP threats Paul Vinciguerra
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Marc Binderberger
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Sharon Barkai
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Damien Saucez
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Florin Coras
- Re: [lisp] Restarting last call on LISP threats Marc Binderberger
- Re: [lisp] Restarting last call on LISP threats Florin Coras
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Darrel Lewis (darlewis)
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Damien Saucez
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Dino Farinacci
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Luigi Iannone
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Ronald Bonica
- Re: [lisp] Restarting last call on LISP threats Damien Saucez
- Re: [lisp] Restarting last call on LISP threats Brian Haberman
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern
- Re: [lisp] Restarting last call on LISP threats Brian Haberman
- Re: [lisp] Restarting last call on LISP threats Luigi Iannone
- Re: [lisp] Restarting last call on LISP threats Luigi Iannone
- Re: [lisp] Restarting last call on LISP threats Ross Callon
- Re: [lisp] Restarting last call on LISP threats Joel M. Halpern