Re: [lisp] Restarting last call on LISP threats

"Joel M. Halpern" <jmh@joelhalpern.com> Tue, 10 June 2014 17:17 UTC

Message-ID: <53973DAE.4050000@joelhalpern.com>
Date: Tue, 10 Jun 2014 13:17:34 -0400
From: "Joel M. Halpern" <jmh@joelhalpern.com>
To: Ronald Bonica <rbonica@juniper.net>, Dino Farinacci <farinacci@gmail.com>
References: <d690563db20d4fca945b810a14f37090@CO1PR05MB442.namprd05.prod.outlook.com> <B3A9D234-A6A2-45DC-B8FA-623B3A86DCE8@gmail.com> <a7c188aabbfe41ef80645d2ee1d6df99@CO1PR05MB442.namprd05.prod.outlook.com>
In-Reply-To: <a7c188aabbfe41ef80645d2ee1d6df99@CO1PR05MB442.namprd05.prod.outlook.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/lisp/vhI_bv5d4LcYSo-ffucvLQPP2Mk
Cc: LISP mailing list list <lisp@ietf.org>
Subject: Re: [lisp] Restarting last call on LISP threats

I think that the threat scopes for the two cases are different.  Gleaning 
new RLOCs is clearly a significant risk.
Gleaning the liveness of an RLOC from the fact that it appears to be 
talking to you is a much lower risk, with a much higher benefit.  I 
have no problem with noting that there is a risk, albeit somewhat 
complex.  But it should not be viewed in the same manner.  (All security 
is a matter of costs and benefits.)

Yours,
Joel

On 6/10/14, 1:06 PM, Ronald Bonica wrote:
> Hi Dino,
>
> Given that the LISP data packet or ICMP packet may be from an attacker, is it even safe to glean that? I think not.
>
> Ron
>
>
>> -----Original Message-----
>> From: Dino Farinacci [mailto:farinacci@gmail.com]
>> Sent: Tuesday, June 10, 2014 1:04 PM
>> To: Ronald Bonica
>> Cc: LISP mailing list list
>> Subject: Re: [lisp] Restarting last call on LISP threats
>>
>>
>> On Jun 10, 2014, at 9:57 AM, Ronald Bonica <rbonica@juniper.net> wrote:
>>
>>> Earlier in this thread, we agreed that when LISP is deployed on the global
>>> Internet, mapping information cannot be gleaned safely from incoming LISP
>>> data packets. Following that train of thought, when LISP is deployed on the
>>> global Internet, is it safe to glean routing locator reachability information
>>> from incoming LISP data packets as described in RFC 6830, Section 6.3, bullet
>>> 1? If not, I think that we need to mention this in the threats document.
>>
>> What you can glean is that the source RLOC is up, but you cannot glean your
>> path to it is reachable.
>>
>>> Given that ICMP packets are easily spoofed, when LISP is deployed on the
>>> global Internet, is it safe to glean routing locator reachability information
>>> from incoming ICMP packets as described in RFC 6830, Section 6.3, bullet 2
>>> and bullet 4? If not, I think that we need to mention this in the threats
>>> document.
>>
>> What you can glean is that the source RLOC is up, but you cannot glean your
>> path to it is reachable.
>>
>> Dino
>>
>
> _______________________________________________
> lisp mailing list
> lisp@ietf.org
> https://www.ietf.org/mailman/listinfo/lisp
>
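The thread distinguishes three things an ETR might learn from an unauthenticated incoming packet: a new EID-to-RLOC mapping (Joel: significant risk), the liveness of an RLOC it already knows (Joel: lower risk, higher benefit), and whether its own path to that RLOC works (Dino: not learnable from the packet alone). The following is an added example, written for this page and not code from the thread, from RFC 6830 or from any LISP implementation, that puts the three policies side by side in a toy map-cache. The 8-byte LISP header layout (flags byte, 24-bit nonce, 32-bit instance-ID/LSB word) and the N/E flag positions follow RFC 6830 Section 5.3; the echo-nonce check is modelled loosely on the RFC's echo-nonce idea; the EID/RLOC addresses, packet objects, policy names and `MapCache` class are constructed for the example and are assumptions, not LISP specifics.

```python
"""Toy LISP map-cache contrasting mapping gleaning, reachability gleaning
and nonce-verified path reachability.  Added example; addresses, packet
structure and class names are constructed for illustration."""
import secrets
import struct
from dataclasses import dataclass, field

# LISP data-plane header (RFC 6830 Section 5.3): flags byte N L E V I + 3
# reserved bits, 24-bit nonce, 32-bit instance-ID / locator-status-bits word.
FLAG_N = 0x80  # nonce present
FLAG_E = 0x20  # echo-nonce request
LISP_HDR = struct.Struct("!B3sI")


@dataclass
class Packet:
    """Constructed view of a decapsulated packet: outer source (RLOC),
    inner source (EID) and the raw 8-byte LISP header."""
    outer_src: str
    inner_src: str
    lisp_hdr: bytes


def build_lisp_header(nonce: int, echo: bool = False) -> bytes:
    flags = FLAG_N | (FLAG_E if echo else 0)
    return LISP_HDR.pack(flags, nonce.to_bytes(3, "big"), 0)


def parse_lisp_header(hdr: bytes) -> dict:
    flags, nonce, _ = LISP_HDR.unpack(hdr)
    has_nonce = bool(flags & FLAG_N)
    return {"n": has_nonce, "e": bool(flags & FLAG_E),
            "nonce": int.from_bytes(nonce, "big") if has_nonce else None}


@dataclass
class Locator:
    up: bool = True        # liveness: "it appears to be talking to me"
    path_ok: bool = False  # my path to it works: only set by a nonce echo


@dataclass
class MapCache:
    entries: dict = field(default_factory=dict)      # EID -> {RLOC: Locator}
    sent_nonces: dict = field(default_factory=dict)  # RLOC -> nonce we emitted

    def rlocs_for(self, eid):
        return self.entries.get(eid, {})

    def encap_target(self, eid):
        """Pick an RLOC for an EID, preferring one whose path we verified."""
        ranked = sorted(self.rlocs_for(eid).items(),
                        key=lambda kv: (kv[1].path_ok, kv[1].up), reverse=True)
        return ranked[0][0] if ranked and ranked[0][1].up else None

    def emit_nonce(self, rloc):
        """Header for a packet we send to rloc, asking it to echo our nonce."""
        nonce = secrets.randbelow(1 << 24)
        self.sent_nonces[rloc] = nonce
        return build_lisp_header(nonce, echo=True)


def glean_mapping(cache, pkt):
    """Unsafe on the open Internet: trust the outer source as an RLOC for the
    inner EID.  A spoofed packet steers later traffic to the spoofer."""
    cache.entries.setdefault(pkt.inner_src, {})[pkt.outer_src] = Locator(up=True)
    return True


def glean_reachability(cache, pkt):
    """Lower-risk policy: only touch the liveness bit of an RLOC already cached
    for that EID; path_ok needs the nonce we sent to come back."""
    loc = cache.rlocs_for(pkt.inner_src).get(pkt.outer_src)
    if loc is None:
        return "ignored"  # unknown RLOC: no new state from an unauthenticated packet
    loc.up = True
    nonce = parse_lisp_header(pkt.lisp_hdr)["nonce"]
    if nonce is not None and cache.sent_nonces.get(pkt.outer_src) == nonce:
        loc.path_ok = True  # the echo proves our path to the RLOC works
        return "path-verified"
    return "up"


def run_scenario():
    victim_eid, legit_rloc, attacker_rloc = "10.1.0.5", "192.0.2.1", "203.0.113.9"
    spoof = Packet(attacker_rloc, victim_eid, build_lisp_header(0x123456))
    r = {}
    # 1. Mapping gleaning on an empty cache: the attacker becomes the RLOC.
    c1 = MapCache()
    glean_mapping(c1, spoof)
    r["mapping_glean_target"] = c1.encap_target(victim_eid)
    # 2. Reachability gleaning on an empty cache: nothing learned, nothing hijacked.
    c2 = MapCache()
    r["reach_glean_unknown"] = glean_reachability(c2, spoof)
    r["reach_glean_target"] = c2.encap_target(victim_eid)
    # 3. Residual risk: spoof the outer source of a known RLOC that is down.
    c3 = MapCache(entries={victim_eid: {legit_rloc: Locator(up=False)}})
    fake_alive = Packet(legit_rloc, victim_eid, build_lisp_header(0x123456))
    r["spoofed_liveness"] = glean_reachability(c3, fake_alive)
    r["spoofed_path_ok"] = c3.entries[victim_eid][legit_rloc].path_ok
    # 4. Genuine echo: we asked for our nonce back and the peer returned it.
    c3.emit_nonce(legit_rloc)
    echoed = Packet(legit_rloc, victim_eid, build_lisp_header(c3.sent_nonces[legit_rloc]))
    r["echo"] = glean_reachability(c3, echoed)
    r["echo_path_ok"] = c3.entries[victim_eid][legit_rloc].path_ok
    return r


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

Scenario 1 is the case the thread agrees is unsafe: a single spoofed data packet makes the attacker the encapsulation target for an EID. Scenario 2 shows why reachability gleaning is a narrower exposure: the same packet changes nothing. Scenario 3 is the residual risk Joel accepts, an attacker can make a dead RLOC look alive by spoofing its address, and scenario 4 is Dino's point in code: liveness and path reachability are separate bits, and only a packet carrying the nonce this side emitted flips the second one. The 24-bit nonce is a small space, so this is a liveness heuristic rather than authentication.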