Re: [MEXT] MIP threats (Re: re-direction attack on MCoA)

"George Tsirtsis" <tsirtsis@googlemail.com> Mon, 11 February 2008 10:51 UTC

Message-ID: <d3886a520802110252v68d4f390v6f2945a3bb74cc8a@mail.gmail.com>
Date: Mon, 11 Feb 2008 10:52:48 +0000
From: George Tsirtsis <tsirtsis@googlemail.com>
To: marcelo bagnulo braun <marcelo@it.uc3m.es>
In-Reply-To: <00115188-2AC9-460B-A325-437BD77F7D3E@it.uc3m.es>
References: <4C47BAA9-BA58-45F7-BDCF-2C050118BACE@it.uc3m.es> <Pine.LNX.4.64.0801302010130.30941@rhea.tcs.hut.fi> <47AB85C3.7060408@qualcomm.com> <00115188-2AC9-460B-A325-437BD77F7D3E@it.uc3m.es>
Cc: Julien Laganier <julien.laganier@laposte.net>, Charles Clancy <clancy@cs.umd.edu>, Christian Vogt <christian.vogt@ericsson.com>, mext@ietf.org
Subject: Re: [MEXT] MIP threats (Re: re-direction attack on MCoA)

Yes, it is in my todo list to read those as I create a presentation
for this for the IETF meeting.

George

On Feb 11, 2008 9:54 AM, marcelo bagnulo braun <marcelo@it.uc3m.es> wrote:
> Hi Lakshminath,
>
> I haven't reviewed the document, but the document that I understand
> George, Wassim and Ben are thinking about is an analysis of residual
> threats in RFC 3775 (or more in general in MIPv6). I mean, assuming all
> the security measures currently available, what threats are still
> there and whether we need to address them. One clear case is the case
> of flooding attack towards a given using the HA, as Ben and other
> folks have noticed.
>
> Regards, marcelo
>
>
> On 07/02/2008, at 23:27, Lakshminath Dondeti wrote:
>
> > Hi Suresh, George, all,
> >
> > Please see
> > draft-vidya-ip-mobility-threats-01
> > draft-vidya-ip-mobility-sec-reqs-01
> >
> > Christian, Charles, Vidya and I have been working on the same topic
> > and wrote those documents (we hope to prepare an update before the
> > next meeting).  Perhaps these could be a starting point?
> >
> > regards,
> > Lakshminath
> >
> > On 1/31/2008 3:08 AM, George Tsirtsis wrote:
> >> I am of course also interested in this work. I guess we already have
> >> enough people to get the ball rolling on this.
> >>
> >> Thanks
> >> George
> >>
> >> On Jan 31, 2008 10:59 AM, Suresh Krishnan <suresh.krishnan@ericsson.com> wrote:
> >>> Hi Marcelo,
> >>>  I am willing to work on a generic MIPv6 threats document along
> >>> with the other interested people.
> >>>
> >>> Cheers
> >>> Suresh
> >>>
> >>> -----Original Message-----
> >>> From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es]
> >>> Sent: January 31, 2008 11:13 AM
> >>> To: Wassim Haddad
> >>> Cc: Julien Laganier; mext@ietf.org
> >>>
> >>> Subject: Re: [MEXT] re-direction attack on MCoA
> >>>
> >>>
> >>> On 30/01/2008, at 19:16, Wassim Haddad wrote:
> >>>> => As there is a clear interest in the redirection attack on the HA
> >>>> side, I volunteer to do some work on this one.
> >>>>
> >>> I think the work should be general to all residual threats on MIP as
> >>> George mentioned, I think this would be more interesting since it
> >>> would allow us to put the different threats in perspective and
> >>> figure out which ones we should address.
> >>>
> >>>
> >>>
> >>>> Regards,
> >>>>
> >>>> Wassim H.
> >>>>
> >>>>
> >>>>> On 30/01/2008, at 18:19, Wassim Haddad wrote:
> >>>>>
> >>>>>> Hi Marcelo,
> >>>>>> IMHO, this topic has to be included as a new item in the new
> >>>>>> charter and
> >>>>>> should not be limited to MCoA.
> >>>>>> Regards,
> >>>>>> Wassim H.
> >>>>>> On Wed, 30 Jan 2008, marcelo bagnulo braun wrote:
> >>>>>>> Pascal,
> >>>>>>> The question at this point is the following one: do you think
> >>>>>>> that this threat should be addressed in the MCoA draft itself?
> >>>>>>> comments?
> >>>>>>> Regards, marcelo
> >>>>>>> On 30/01/2008, at 10:09, Pascal Thubert (pthubert) wrote:
> >>>>>>>> I agree with Wassim on both mails.
> >>>>>>>> There's also the situation where the MN/MR might be fooled by the
> >>>>>>>> visited network into believing that the CoA (or its prefix if a network
> >>>>>>>> is attacked as opposed to a host) is on the visited link. DSMIP is also
> >>>>>>>> exposed, in particular with IPv4 CoAs.
> >>>>>>>> There are many scenarios that do not involve high mobility where a 3-way
> >>>>>>>> or a 4-way handshake could be used to verify the CoA. We have proposed
> >>>>>>>> such a test in section 6 of the RRH draft that uses a triggered 2nd BU
> >>>>>>>> flow to verify the CoA in the first one:
> >>>>>>>> http://tools.ietf.org/html/draft-thubert-nemo-reverse-routing-header-07#section-6
> >>>>>>>> Pascal
> >>>>>>>>> -----Original Message-----
> >>>>>>>>> From: Wassim Haddad [mailto:whaddad@tcs.hut.fi]
> >>>>>>>>> Sent: Wednesday, 30 January 2008 09:32
> >>>>>>>>> To: Benjamin Lim
> >>>>>>>>> Cc: 'Julien Laganier'; mext@ietf.org
> >>>>>>>>> Subject: RE: [MEXT] re-direction attack on MCoA
> >>>>>>>>> On Wed, 30 Jan 2008, Benjamin Lim wrote:
> >>>>>>>>>> All in all, what I am trying to say is that tracing only
> >>>>>>>>>> limits the
> >>>>>>>>>> effect of the attack from escalating further and not
> >>>>>>>>>> preventing it.
> >>>>>>>>> => which (again) also perfectly applies to a single CoA.
> >>>>>>>>> Regards,
> >>>>>>>>> Wassim H.
> >>>>>>>>> _______________________________________________
> >>>>>>>>> MEXT mailing list
> >>>>>>>>> MEXT@ietf.org
> >>>>>>>>> https://www1.ietf.org/mailman/listinfo/mext