Re: [MEXT] re-direction attack on MCoA
marcelo bagnulo braun <marcelo@it.uc3m.es> Wed, 06 February 2008 15:04 UTC
Return-Path: <mext-bounces@ietf.org>
X-Original-To: ietfarch-mext-archive@core3.amsl.com
Delivered-To: ietfarch-mext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4AD933A6E75; Wed, 6 Feb 2008 07:04:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.948
X-Spam-Level:
X-Spam-Status: No, score=-3.948 tagged_above=-999 required=5 tests=[AWL=-0.186, BAYES_00=-2.599, RCVD_BAD_ID=2.837, RCVD_IN_DNSWL_MED=-4]
Received: from core3.amsl.com ([127.0.0.1]) by localhost (mail.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ru6O1FU08Wp5; Wed, 6 Feb 2008 07:04:35 -0800 (PST)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2A4D93A6E6C; Wed, 6 Feb 2008 07:04:35 -0800 (PST)
X-Original-To: mext@core3.amsl.com
Delivered-To: mext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 31B8E3A6E6A for <mext@core3.amsl.com>; Wed, 6 Feb 2008 07:04:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from core3.amsl.com ([127.0.0.1]) by localhost (mail.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tTeeMBJSqyOH for <mext@core3.amsl.com>; Wed, 6 Feb 2008 07:04:33 -0800 (PST)
Received: from smtp03.uc3m.es (smtp03.uc3m.es [163.117.176.133]) by core3.amsl.com (Postfix) with ESMTP id E3F9E3A6E17 for <mext@ietf.org>; Wed, 6 Feb 2008 07:04:32 -0800 (PST)
Received: from chelo-it-uc3m-es.it.uc3m.es (chelo-it-uc3m-es.it.uc3m.es [163.117.139.71])(using TLSv1 with cipher AES128-SHA (128/128 bits))(No client certificate requested)by smtp03.uc3m.es (Postfix) with ESMTP id 05B522DAC28;Wed, 6 Feb 2008 16:04:04 +0100 (CET)
Message-Id: <24B2D6E8-015E-484F-B97B-ACD6649621AF@it.uc3m.es>
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
To: "Pascal Thubert (pthubert)" <pthubert@cisco.com>
In-Reply-To: <7892795E1A87F04CADFCCF41FADD00FC0526C76F@xmb-ams-337.emea.cisco.com>
Mime-Version: 1.0 (Apple Message framework v915)
Date: Wed, 06 Feb 2008 16:04:03 +0100
References: <7892795E1A87F04CADFCCF41FADD00FC0526C76F@xmb-ams-337.emea.cisco.com>
X-Mailer: Apple Mail (2.915)
X-imss-version: 2.049
X-imss-result: Passed
X-imss-scanInfo: M:B L:E SM:2
X-imss-tmaseResult: TT:1 TS:-21.6138 TC:02 TRN:40 TV:5.0.1023(15714.000)
X-imss-scores: Clean:100.00000 C:0 M:0 S:0 R:0
X-imss-settings: Baseline:1 C:1 M:1 S:1 R:1 (0.0000 0.0000)
Cc: Julien Laganier <julien.laganier@laposte.net>, mext@ietf.org
Subject: Re: [MEXT] re-direction attack on MCoA
X-BeenThere: mext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-Unsubscribe: <http://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/mext>
List-Post: <mailto:mext@ietf.org>
List-Help: <mailto:mext-request@ietf.org?subject=help>
List-Subscribe: <http://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: mext-bounces@ietf.org
Errors-To: mext-bounces@ietf.org
The idea at this point afaiu is to work on a draft trying to identify residual threats in mip6 and then figure out if we should do something about some of them You are kindly invited to join that effort, that i understand GEorge, Wassim and Ben are starting Regards, marcelo El 06/02/2008, a las 14:28, Pascal Thubert (pthubert) escribió: > Hi Marcelo: > > I think there should be a separate draft for the RR check to the > CoA. The problem is everywhere and not specific to MCoA, just like > it's not specific to DSMIP. > > The trouble is that the draft in question is never started. I'll be > happy to give away the text from RRH for that noble purpose ;) > > Pascal > > >> -----Original Message----- >> From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es] >> Sent: mercredi 30 janvier 2008 17:46 >> To: Pascal Thubert (pthubert) >> Cc: Wassim Haddad; Benjamin Lim; Julien Laganier; mext@ietf.org >> Subject: Re: [MEXT] re-direction attack on MCoA >> >> Pascal, >> >> The question at this point is the following one: do you think >> that this threat should be addressed in the MCoA draft itself? >> >> comments? >> >> Regards, marcelo >> >> >> El 30/01/2008, a las 10:09, Pascal Thubert (pthubert) escribió: >> >>> I agree with Wassim on both mails. >>> >>> There's also the situation where the MN/MR might be fooled by the >>> visited network into believing that the CoA (or its prefix if a >>> network is attacked as opposed to a host) is on the visited link. >>> DSMIP is also exposed, in particular with IPv4 CoAs. >>> >>> There are many scenarios that do not involve high mobility were a 3- >>> way or a 4-way handshake could be used to verify the CoA. We have >>> proposed such a test in section 6 of the RRH draft that uses a >>> triggered 2nd BU flow to verify the CoA in the first one: >>> >> http://tools.ietf.org/html/draft-thubert-nemo-reverse-routing- >> header-0 >>> 7# >>> section-6 >>> >>> >>> Pascal >>> >>> >>>> -----Original Message----- >>>> From: Wassim Haddad [mailto:whaddad@tcs.hut.fi] >>>> Sent: mercredi 30 janvier 2008 09:32 >>>> To: Benjamin Lim >>>> Cc: 'Julien Laganier'; mext@ietf.org >>>> Subject: RE: [MEXT] re-direction attack on MCoA >>>> >>>> On Wed, 30 Jan 2008, Benjamin Lim wrote: >>>> >>>>> All in all, what I am trying to say is that tracing only >> limits the >>>>> effect of the attack from escalating further and not preventing >>>>> it. >>>> >>>> => which (again) also perfectly applies to a single CoA. >>>> >>>> >>>> Regards, >>>> >>>> Wassim H. >>>> >>>> >>>> _______________________________________________ >>>> MEXT mailing list >>>> MEXT@ietf.org >>>> https://www1.ietf.org/mailman/listinfo/mext >>>> >>> >>> _______________________________________________ >>> MEXT mailing list >>> MEXT@ietf.org >>> https://www1.ietf.org/mailman/listinfo/mext >> >> > _______________________________________________ > MEXT mailing list > MEXT@ietf.org > http://www.ietf.org/mailman/listinfo/mext _______________________________________________ MEXT mailing list MEXT@ietf.org http://www.ietf.org/mailman/listinfo/mext
- RE: [MEXT] re-direction attack on MCoA Benjamin Lim
- [MEXT] re-direction attack on MCoA RYUJI WAKIKAWA
- RE: [MEXT] re-direction attack on MCoA Benjamin Lim
- Re: [MEXT] re-direction attack on MCoA marcelo bagnulo braun
- Re: [MEXT] re-direction attack on MCoA RYUJI WAKIKAWA
- Re: [MEXT] re-direction attack on MCoA Wassim Haddad
- Re: [MEXT] re-direction attack on MCoA Vijay Devarapalli
- RE: [MEXT] re-direction attack on MCoA Benjamin Lim
- Re: [MEXT] re-direction attack on MCoA George Tsirtsis
- Re: [MEXT] re-direction attack on MCoA Julien Laganier
- Re: [MEXT] re-direction attack on MCoA Wassim Haddad
- RE: [MEXT] re-direction attack on MCoA Benjamin Lim
- RE: [MEXT] re-direction attack on MCoA Benjamin Lim
- RE: [MEXT] re-direction attack on MCoA Wassim Haddad
- RE: [MEXT] re-direction attack on MCoA Pascal Thubert (pthubert)
- Re: [MEXT] re-direction attack on MCoA marcelo bagnulo braun
- Re: [MEXT] re-direction attack on MCoA marcelo bagnulo braun
- Re: [MEXT] re-direction attack on MCoA Wassim Haddad
- Re: [MEXT] re-direction attack on MCoA marcelo bagnulo braun
- Re: [MEXT] re-direction attack on MCoA Wassim Haddad
- RE: [MEXT] re-direction attack on MCoA Benjamin Lim
- RE: [MEXT] re-direction attack on MCoA Benjamin Lim
- Re: [MEXT] re-direction attack on MCoA marcelo bagnulo braun
- RE: [MEXT] re-direction attack on MCoA Suresh Krishnan
- Re: [MEXT] re-direction attack on MCoA George Tsirtsis
- Re: [MEXT] re-direction attack on MCoA Jean-Michel Combes
- Re: [MEXT] re-direction attack on MCoA RYUJI WAKIKAWA
- Re: [MEXT] re-direction attack on MCoA Pascal Thubert (pthubert)
- Re: [MEXT] re-direction attack on MCoA marcelo bagnulo braun
- [MEXT] MIP threats (Re: re-direction attack on MC… Lakshminath Dondeti
- Re: [MEXT] MIP threats (Re: re-direction attack o… marcelo bagnulo braun
- Re: [MEXT] MIP threats (Re: re-direction attack o… George Tsirtsis