RE: Flooding Attacks and MIP6 (was RE: [Mipshop] Review of draft-arkko-mipshop-cga-cba-04)
Christian Vogt <chvogt@tm.uka.de> Fri, 18 August 2006 22:13 UTC
From: Christian Vogt <chvogt@tm.uka.de>
To: "Narayanan, Vidya" <vidyan@qualcomm.com>
Cc: Jari Arkko <jari.arkko@kolumbus.fi>, mipshop@ietf.org, Wassim Haddad <whaddad@tcs.hut.fi>

Vidya,

the attack I was describing is different: Here the (flooding) attacker does not use a fake home address, but it uses its current on-link IP address as a home address. E.g., the attacker attaches to a public WLAN, receives an RA with prefix P, autoconfigures an IP address A with prefix P, and uses A as the IP source address (i.e., the home address) in a HoTI which it sends to the CN. The HoT goes back to A, where the attacker can obviously receive the message. So the HoA test works fine, and the CN thinks that the HoTI/HoT exchange went through an HA.

Now, why would an attacker want to do this? A plausible reason would be because it wants to redirect traffic to a particular victim node. Hence the attacker uses the victim node's IP address B as its CoA, and asks the CN to send packets to B.

If A is on the path from the CN to B, then the attacker is able to pass the CoA test. But then the CN's packets will also hit the attacker itself, so I don't see a good motivation for such an attack.

Otherwise, if A is not on the path from the CN to B, then a flooding attack against B would be more attractive (from the attacker's point of view). But the attacker cannot pass the CoA test in such a situation.

The point I was trying to make relates to the HoA test: Whether or not a real HA exists, and whether the HoA is with the HA or with the attacker itself, doesn't matter from the perspective of the CN.

FWIW, IMO this is not a weakness of the HoA test. The purpose of the HoA test is solely to verify reachability at the HoA, and the test meets this objective quite well. I don't think it would help if the CN could determine from the HoTI/HoT exchange whether a real HA exists or not (given that we do not assume a security/trust relationship between the HA and the CN).

Getting to your question about OSPF/BGP spoofing: I do agree that we have a serious problem if an attacker is able to forge OSPF or BGP messages. But as outlined above, OSPF/BGP spoofing is not necessary to spoof the HoA test. And obviously it is also not the right thing for spoofing the CoA: Advertising the CoA prefix through a routing protocol is really the opposite of what a flooding attacker would want to do. After all, its intent is to direct packets not to itself, but to a victim.

Besides, IMO, OSPF or BGP spoofing is a threat that is orthogonal to mobility. It is true that an attacker capable of doing this is in a position to circumvent the HoA test. But such an attacker can anyway steal other nodes' IP addresses arbitrarily.

Ok, take care, and have a good weekend!

- Christian

--
Christian Vogt
Institute of Telematics, University of Karlsruhe
www.tm.uka.de/~chvogt/

Quoting "Narayanan, Vidya" <vidyan@qualcomm.com>:

> Hi Christian,
> Getting back to this thread again :) Please see inline below.
>
>>
>> Another thing is that there may actually be no home agent and
>> home domain admin which a victim could contact. (I mentioned
>> this in the previous email, but I guess it was lost in the
>> noise.) E.g., an attacker may attach to a public WLAN,
>> acquire a (possibly temporary) IP address, and use this IP
>> address as a HoA in combination with a false CoA. The
>> attacker itself would then play the HA part during the HoA test.
>>
>
> I thought I had addressed this in one of my emails, but perhaps I
> hadn't. If we assume that an attacker can fake an HA (which includes,
> among other things, injecting routes for the serving fake home subnet
> into the IGP/EGP so that the HoA test can occur correctly), I would also
> assume that it is equally feasible for the attacker to intercept the CoA
> test messages between the CN and the victim and spoof the CoA test. In
> fact, interception and spoofing of messages is potentially simpler than
> injecting routes into OSPF or BGP.
>
> Would you agree?
>
> Regards,
> Vidya
>
>> Of course, the HoA test would in this case guarantee the
>> attacker's reachability of the alleged "HoA", and hence a
>> victim could theoretically track the attacker down by
>> contacting the public WLAN provider. But there is no clear
>> and, more importantly, fast procedure that the victim could follow.
>>
>> Also note that the business relationship between the attacker
>> and the public WLAN provider may only be of temporary nature
>> (e.g., an hourly subscription).
>>
>
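
The reasoning in the message above, expressed as a small model of what a CN can conclude from the two reachability tests. This is an added illustration, not part of the original e-mail or of any draft: the token and Kbm derivations are a simplified form of the RFC 3775 return routability construction, the names `CorrespondentNode` and `run_binding_attempt` are hypothetical, and the addresses A and B are constructed from the documentation prefix.

```python
import hashlib, hmac, os

def keygen_token(kcn, addr, nonce, kind):
    # Simplified RFC 3775 form: First(64, HMAC_SHA1(Kcn, address | nonce | kind)),
    # kind 0 = home keygen token, kind 1 = care-of keygen token.
    return hmac.new(kcn, addr.encode() + nonce + bytes([kind]), hashlib.sha1).digest()[:8]

def binding_auth(home_tok, coa_tok, coa):
    # Kbm = SHA1(home token | care-of token); the Binding Update is MACed with Kbm.
    kbm = hashlib.sha1(home_tok + coa_tok).digest()
    return hmac.new(kbm, coa.encode(), hashlib.sha1).digest()[:12]

class CorrespondentNode:
    def __init__(self):
        self.kcn, self.nonce = os.urandom(20), os.urandom(8)

    def home_test(self, hoa):      # token carried in the HoT, sent to the HoA
        return keygen_token(self.kcn, hoa, self.nonce, 0)

    def care_of_test(self, coa):   # token carried in the CoT, sent to the CoA
        return keygen_token(self.kcn, coa, self.nonce, 1)

    def accept_binding(self, hoa, coa, auth):
        expected = binding_auth(self.home_test(hoa), self.care_of_test(coa), coa)
        return hmac.compare_digest(expected, auth)

def run_binding_attempt(cn, own_addrs, on_path_to, hoa, coa):
    """own_addrs: addresses the sender receives at; on_path_to: destinations
    whose traffic from the CN the sender can observe in transit."""
    def learns(dst, token):
        return token if dst in own_addrs or dst in on_path_to else None
    home_tok = learns(hoa, cn.home_test(hoa))
    coa_tok = learns(coa, cn.care_of_test(coa))
    if home_tok is None or coa_tok is None:
        return False               # cannot derive Kbm without both tokens
    return cn.accept_binding(hoa, coa, binding_auth(home_tok, coa_tok, coa))

# Constructed addresses from the 2001:db8::/32 documentation prefix.
A, B = "2001:db8:1::a", "2001:db8:2::b"

def scenarios():
    cn = CorrespondentNode()
    return {
        "HoA=A, CoA=A, no home agent anywhere": run_binding_attempt(cn, {A}, set(), A, A),
        "HoA=A, CoA=B, sender off the CN->B path": run_binding_attempt(cn, {A}, set(), A, B),
        "HoA=A, CoA=B, sender on the CN->B path": run_binding_attempt(cn, {A}, {B}, A, B),
    }

if __name__ == "__main__":
    for name, accepted in scenarios().items():
        print(f"{name}: binding {'accepted' if accepted else 'rejected'}")
```

The CN's checks never reference a home agent, so the first case is indistinguishable from a binding that went through a real HA; only the care-of test separates the second and third cases.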