RE: Flooding Attacks and MIP6 (was RE: [Mipshop] Review of draft-arkko-mipshop-cga-cba-04)
"Narayanan, Vidya" <vidyan@qualcomm.com> Fri, 18 August 2006 18:35 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GE9C3-0005g8-1V; Fri, 18 Aug 2006 14:35:43 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GE9C1-0005fZ-Uy for mipshop@ietf.org; Fri, 18 Aug 2006 14:35:41 -0400
Received: from numenor.qualcomm.com ([129.46.51.58]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GE92x-00085W-D7 for mipshop@ietf.org; Fri, 18 Aug 2006 14:26:20 -0400
Received: from sabrina.qualcomm.com (sabrina.qualcomm.com [129.46.61.150]) by numenor.qualcomm.com (8.13.6/8.12.5/1.0) with ESMTP id k7IIQINv025348 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 18 Aug 2006 11:26:18 -0700
Received: from NAEXBR02.na.qualcomm.com (naexbr02.qualcomm.com [10.46.92.109]) by sabrina.qualcomm.com (8.13.6/8.13.6/1.0) with ESMTP id k7IIQGHI016510; Fri, 18 Aug 2006 11:26:17 -0700 (PDT)
Received: from NAEX13.na.qualcomm.com ([129.46.51.248]) by NAEXBR02.na.qualcomm.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 18 Aug 2006 11:26:16 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: Flooding Attacks and MIP6 (was RE: [Mipshop] Review of draft-arkko-mipshop-cga-cba-04)
Date: Fri, 18 Aug 2006 11:26:13 -0700
Message-ID: <C24CB51D5AA800449982D9BCB903251311A977@NAEX13.na.qualcomm.com>
In-Reply-To: <44E17CCA.9090800@tm.uka.de>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Flooding Attacks and MIP6 (was RE: [Mipshop] Review of draft-arkko-mipshop-cga-cba-04)
Thread-Index: AcbAP5LzzG+ArGa2T2Sp3TvkblggIgCssKOg
From: "Narayanan, Vidya" <vidyan@qualcomm.com>
To: Christian Vogt <chvogt@tm.uka.de>, Jari Arkko <jari.arkko@kolumbus.fi>
X-OriginalArrivalTime: 18 Aug 2006 18:26:16.0941 (UTC) FILETIME=[CB3F69D0:01C6C2F3]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 39bd8f8cbb76cae18b7e23f7cf6b2b9f
Cc: Wassim Haddad <whaddad@tcs.hut.fi>, mipshop@ietf.org
X-BeenThere: mipshop@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mipshop.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mipshop>, <mailto:mipshop-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mipshop@ietf.org>
List-Help: <mailto:mipshop-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mipshop>, <mailto:mipshop-request@ietf.org?subject=subscribe>
Errors-To: mipshop-bounces@ietf.org
Hi Christian, Getting back to this thread again :) Please see inline below. > > Another thing is that there may actually be no home agent and > home domain admin which a victim could contact. (I mentioned > this in the previous email, but I guess it was lost in the > noise.) E.g., an attacker may attach to a public WLAN, > acquire a (possibly temporary) IP address, and use this IP > address as a HoA in combination with a false CoA. The > attacker itself would then play the HA part during the HoA test. > I thought I had addressed this in one of my emails, but perhaps I hadn't. If we assume that an attacker can fake an HA (which includes, among other things, injecting routes for the serving fake home subnet into the IGP/EGP so that the HoA test can occur correctly), I would also assume that it is equally feasible for the attacker to intercept the CoA test messages between the CN and the victim and spoof the CoA test. In fact, interception and spoofing of messages is potentially simpler than injecting routes into OSPF or BGP. Would you agree? Regards, Vidya > Of course, the HoA test would in this case guarantee the > attacker's reachability of the alleged "HoA", and hence a > victim could theoretically track the attacker down by > contacting the public WLAN provider. But there is no clear > and, more importantly, fast procedure that the victim could follow. > > Also note that the business relationship between the attacker > and the public WLAN provider may only be of temporary nature > (e.g., an hourly subscription). > _______________________________________________ Mipshop mailing list Mipshop@ietf.org https://www1.ietf.org/mailman/listinfo/mipshop
- [Mipshop] Review of draft-arkko-mipshop-cga-cba-04 Narayanan, Vidya
- Re: [Mipshop] Review of draft-arkko-mipshop-cga-c… Wassim Haddad
- RE: [Mipshop] Review of draft-arkko-mipshop-cga-c… Narayanan, Vidya
- [Mipshop] Review of draft-arkko-mipshop-cga-cba-04 Lakshminath Dondeti
- RE: [Mipshop] Review of draft-arkko-mipshop-cga-c… Narayanan, Vidya
- Re: [Mipshop] Review of draft-arkko-mipshop-cga-c… Christian Vogt
- Re: [Mipshop] Review of draft-arkko-mipshop-cga-c… Christian Vogt
- Flooding Attacks and MIP6 (was RE: [Mipshop] Revi… Narayanan, Vidya
- CGA-based HoA generation for MIP6 (was RE: [Mipsh… Narayanan, Vidya
- Re: Flooding Attacks and MIP6 (was RE: [Mipshop] … Jari Arkko
- RE: CGA-based HoA generation for MIP6 (was RE: [M… Narayanan, Vidya
- RE: Flooding Attacks and MIP6 (was RE: [Mipshop] … Narayanan, Vidya
- Re: CGA-based HoA generation for MIP6 (was RE: [M… Jari Arkko
- Re: Flooding Attacks and MIP6 (was RE: [Mipshop] … Vijay Devarapalli
- RE: Flooding Attacks and MIP6 (was RE: [Mipshop] … Narayanan, Vidya
- Re: Flooding Attacks and MIP6 (was RE: [Mipshop] … Christian Vogt
- Re: Flooding Attacks and MIP6 (was RE: [Mipshop] … Christian Vogt
- Re: CGA-based HoA generation for MIP6 (was RE: [M… Christian Vogt
- Re: CGA-based HoA generation for MIP6 (was RE: [M… Jari Arkko
- Re: CGA-based HoA generation for MIP6 (was RE: [M… Lakshminath Dondeti
- RE: CGA-based HoA generation for MIP6 (was RE: [M… Narayanan, Vidya
- RE: CGA-based HoA generation for MIP6 (was RE: [M… Wassim Haddad
- Re: CGA-based HoA generation for MIP6 (was RE: [M… Christian Vogt
- Re: CGA-based HoA generation for MIP6 (was RE: [M… Lakshminath Dondeti
- Re: Flooding Attacks and MIP6 (was RE: [Mipshop] … Jari Arkko
- Re: CGA-based HoA generation for MIP6 (was RE: [M… Christian Vogt
- Re: CGA-based HoA generation for MIP6 (was RE: [M… Christian Vogt
- Re: CGA-based HoA generation for MIP6 (was RE: [M… Vijay Devarapalli
- RE: Flooding Attacks and MIP6 (was RE: [Mipshop] … Narayanan, Vidya
- RE: Flooding Attacks and MIP6 (was RE: [Mipshop] … Christian Vogt
- RE: Flooding Attacks and MIP6 (was RE: [Mipshop] … Narayanan, Vidya