IETF Logo Mail Archive

Re: [MMUSIC] WGLC for draft-ietf-mmusic-delayed-duplication-01

"Ali C. Begen (abegen)" <abegen@cisco.com> Fri, 26 April 2013 15:15 UTC

Return-Path: <abegen@cisco.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95F3121F9029 for <mmusic@ietfa.amsl.com>; Fri, 26 Apr 2013 08:15:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.699
X-Spam-Level:
X-Spam-Status: No, score=-9.699 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_33=0.6, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iOiXZy39v8Rp for <mmusic@ietfa.amsl.com>; Fri, 26 Apr 2013 08:14:59 -0700 (PDT)
Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) by ietfa.amsl.com (Postfix) with ESMTP id 9A5F121F97F7 for <mmusic@ietf.org>; Fri, 26 Apr 2013 08:14:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4101; q=dns/txt; s=iport; t=1366989299; x=1368198899; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=onImBVkDZqkkzygqggCQdmUa/y9EXjw3bGL2ufbaMvo=; b=I4/0mAuylIOxGAMaO7/e6zKXmcqqQd8eJFZMu5mJbNgOCyA0kZG/t86Q yyjL6DPXeFLB+WkXKixbQ4PrjyswiO73JkIKHb9BwR+/WOQ1+lHIDwhDR t6G2DHfyaehBnwKFVFO3f0Phqd1zxi/LsVNWsofNlklotIjjT5WxC9hQQ Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AjMFAA6ZelGtJXG8/2dsb2JhbABRgmYhvm+BAhZ0gh8BAQEDAXkFCwIBCBgKJDIlAgQOBQiIBgYBvwuNW4EEAjEHgm1hA4han2yDDoFrPQ
X-IronPort-AV: E=Sophos;i="4.87,559,1363132800"; d="scan'208";a="203449743"
Received: from rcdn-core2-1.cisco.com ([173.37.113.188]) by rcdn-iport-2.cisco.com with ESMTP; 26 Apr 2013 15:14:59 +0000
Received: from xhc-rcd-x03.cisco.com (xhc-rcd-x03.cisco.com [173.37.183.77]) by rcdn-core2-1.cisco.com (8.14.5/8.14.5) with ESMTP id r3QFEw1i006367 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 26 Apr 2013 15:14:58 GMT
Received: from xmb-aln-x01.cisco.com ([fe80::747b:83e1:9755:d453]) by xhc-rcd-x03.cisco.com ([173.37.183.77]) with mapi id 14.02.0318.004; Fri, 26 Apr 2013 10:14:58 -0500
From: "Ali C. Begen (abegen)" <abegen@cisco.com>
To: Ari Keränen <ari.keranen@ericsson.com>
Thread-Topic: [MMUSIC] WGLC for draft-ietf-mmusic-delayed-duplication-01
Thread-Index: AQHOMh+OrJd+p16ntUKckcdJFFsN55jk0xuAgACHcACAAPSDgIAAtQcAgAIJswCAAANrAA==
Date: Fri, 26 Apr 2013 15:14:58 +0000
Message-ID: <C15918F2FCDA0243A7C919DA7C4BE9940D01F030@xmb-aln-x01.cisco.com>
References: <515F03F3.6070400@ericsson.com> <51770ADD.6080702@ericsson.com> <C15918F2FCDA0243A7C919DA7C4BE9940D00FB1B@xmb-aln-x01.cisco.com> <51784997.3040207@ericsson.com> <C15918F2FCDA0243A7C919DA7C4BE9940D017374@xmb-aln-x01.cisco.com> <517A9714.1010302@ericsson.com>
In-Reply-To: <517A9714.1010302@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.21.69.120]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <99731DB0D572C24F98180D0B6311E49A@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "<draft-ietf-mmusic-delayed-duplication@tools.ietf.org>" <draft-ietf-mmusic-delayed-duplication@tools.ietf.org>, mmusic <mmusic@ietf.org>
Subject: Re: [MMUSIC] WGLC for draft-ietf-mmusic-delayed-duplication-01
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Apr 2013 15:15:00 -0000

On Apr 27, 2013, at 12:02 AM, Ari Keränen <ari.keranen@ericsson.com> wrote:

> On 4/25/13 10:55 AM, Ali C. Begen (abegen) wrote:
>> 
>> On Apr 25, 2013, at 6:07 AM, Ari Keränen <ari.keranen@ericsson.com> wrote:
>> 
>>> On 4/24/13 9:32 AM, Ali C. Begen (abegen) wrote:
>>>> 
>>>> On Apr 24, 2013, at 7:27 AM, Ari Keränen <ari.keranen@ericsson.com>
>>>> wrote:
>>>> 
>>>>> Hi,
>>>>> 
>>>>> I reviewed the draft and noticed that in the intro section you
>>>>> mention a possible DoS attack using the delayed duplication
>>>>> functionality, but it's not discussed at all in the security
>>>>> considerations section. Should that be addressed too?
>>>>> 
>>>> 
>>>> Really? the whole section talks about what could happen if someone
>>>> could modify the SDP (number of dup streams, delays, etc.).
>>>> Especially the last paragraph mentions this. is it not clear?
>>> 
>>> Not really. I guess I was expecting something more for a "new series of denial-of-service attacks" than what was described in the security section. To make this more clear, perhaps you could use the term DoS also in the security section, where applicable.
>>> 
>>> Especially the last section talks about software bug or misconfiguration, but couldn't an active attacker also do this?
>>> 
>> 
>> I will change the text as follows. let me know if there are objections.
>> 
>> OLD:
>> 
>>    Another security risk is due to possible software misconfiguration or
>>    a software bug where a large number of duplicates could be
>>    unwillingly signaled in the 'duplication-delay' attribute.  In
>>    applications where this attribute is to be used, it is a good
>>    practice to put a hard limit both on the number of duplicate streams
>>    and the total delay introduced due to duplication regardless of what
>>    the SDP description specifies.
>> 
>> NEW:
>> 
>>    Another security risk is due to possible software misconfiguration or
>>    a software bug where a large number of duplicates could be
>>    unwillingly signaled in the 'duplication-delay' attribute. Similarly, an attacker can use this attribute to start a denial-of-service attack by signaling and sending too many duplicated streams. In
>>    applications where this attribute is to be used, it is a good
>>    practice to put a hard limit both on the number of duplicate streams
>>    and the total delay introduced due to duplication regardless of what
>>    the SDP description specifies.
>> 
> 
> What I was thinking is that can an attacker trick someone supporting this feature into sending big set of duplicate streams (instead of just a single stream) to a target? That is, is there possible amplification due to this extension? Probably not?

If someone is signaling and sending way too many streams to you, you gotta discontinue this stream. E.g., if you see an SDP that signals 5 dup streams, there is likely something wrong. This could be a bug or an attack, either case, you should not accept this stream. I think this is pretty obvious. 

> 
> Or is there some additional DoS risk for signaling duplicate streams and then sending them (as the NEW text says) - instead of just sending if you can do that anyway? I'm guessing no..

If SDP is hacked into, sky is the limit in terms of what harm you can cause. 

> 
> If those aren't big DoS attack concerns, probably the first part of the security considerations is actually more DoS'ish. If that's the case, then maybe modify the text with something like:
> 
> OLD
>   However, these
>   require intercepting and rewriting the packets carrying the SDP [...]
> NEW
>   However, this kind of DoS attacks
>   require intercepting and rewriting the packets carrying the SDP [...]
> 

I would not change this text since it is a pretty standard text for sdp attributes.

> 
> Or maybe the intro text just makes one more worried than you actually need to be with this extension.
> 
> 
> Cheers,
> Ari

v2.23.0 | Report a Bug | By Email