[MEXT] MIP threats (Re: re-direction attack on MCoA)
Lakshminath Dondeti <ldondeti@qualcomm.com> Thu, 07 February 2008 22:27 UTC
Date: Thu, 07 Feb 2008 14:27:15 -0800
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
To: George Tsirtsis <tsirtsis@googlemail.com>
Cc: Charles Clancy <clancy@cs.umd.edu>, Christian Vogt <christian.vogt@ericsson.com>, Julien Laganier <julien.laganier@laposte.net>, mext@ietf.org
Hi Suresh, George, all,

Please see

draft-vidya-ip-mobility-threats-01
draft-vidya-ip-mobility-sec-reqs-01

Christian, Charles, Vidya and I have been working on the same topic and
wrote those documents (we hope to prepare an update before the next
meeting). Perhaps these could be a starting point?

regards,
Lakshminath

On 1/31/2008 3:08 AM, George Tsirtsis wrote:
> I am of course also interested in this work. I guess we already have
> enough people to get the ball rolling on this.
>
> Thanks
> George
>
> On Jan 31, 2008 10:59 AM, Suresh Krishnan <suresh.krishnan@ericsson.com> wrote:
>> Hi Marcelo,
>> I am willing to work on a generic MIPv6 threats document along with
>> the other interested people.
>>
>> Cheers
>> Suresh
>>
>> -----Original Message-----
>> From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es]
>> Sent: January 31, 2008 11:13 AM
>> To: Wassim Haddad
>> Cc: Julien Laganier; mext@ietf.org
>> Subject: Re: [MEXT] re-direction attack on MCoA
>>
>> On 30/01/2008, at 19:16, Wassim Haddad wrote:
>>> => As there is a clear interest in the redirection attack on the HA
>>> side, I volunteer to do some work on this one.
>>>
>> I think the work should be general to all residual threats on MIP as
>> George mentioned, I think this would be more interesting since it
>> would allow us to put the different threats in perspective and figure
>> out which ones we should address.
>>
>>> Regards,
>>>
>>> Wassim H.
>>>
>>>> On 30/01/2008, at 18:19, Wassim Haddad wrote:
>>>>
>>>>> Hi Marcelo,
>>>>> IMHO, this topic has to be included as a new item in the new
>>>>> charter and should not be limited to MCoA.
>>>>> Regards,
>>>>> Wassim H.
>>>>> On Wed, 30 Jan 2008, marcelo bagnulo braun wrote:
>>>>>> Pascal,
>>>>>> The question at this point is the following one: do you think
>>>>>> that this threat should be addressed in the MCoA draft itself?
>>>>>> comments?
>>>>>> Regards, marcelo
>>>>>> On 30/01/2008, at 10:09, Pascal Thubert (pthubert) wrote:
>>>>>>> I agree with Wassim on both mails.
>>>>>>> There's also the situation where the MN/MR might be fooled by the
>>>>>>> visited network into believing that the CoA (or its prefix if a
>>>>>>> network is attacked as opposed to a host) is on the visited link.
>>>>>>> DSMIP is also exposed, in particular with IPv4 CoAs.
>>>>>>> There are many scenarios that do not involve high mobility where
>>>>>>> a 3-way or a 4-way handshake could be used to verify the CoA. We
>>>>>>> have proposed such a test in section 6 of the RRH draft that uses
>>>>>>> a triggered 2nd BU flow to verify the CoA in the first one:
>>>>>>> http://tools.ietf.org/html/draft-thubert-nemo-reverse-routing-header-07#section-6
>>>>>>> Pascal
>>>>>>>> -----Original Message-----
>>>>>>>> From: Wassim Haddad [mailto:whaddad@tcs.hut.fi]
>>>>>>>> Sent: Wednesday 30 January 2008 09:32
>>>>>>>> To: Benjamin Lim
>>>>>>>> Cc: 'Julien Laganier'; mext@ietf.org
>>>>>>>> Subject: RE: [MEXT] re-direction attack on MCoA
>>>>>>>> On Wed, 30 Jan 2008, Benjamin Lim wrote:
>>>>>>>>> All in all, what I am trying to say is that tracing only
>>>>>>>>> limits the effect of the attack from escalating further and
>>>>>>>>> not preventing it.
>>>>>>>> => which (again) also perfectly applies to a single CoA.
>>>>>>>> Regards,
>>>>>>>> Wassim H.
>>>>>>>> _______________________________________________
>>>>>>>> MEXT mailing list
>>>>>>>> MEXT@ietf.org
>>>>>>>> https://www1.ietf.org/mailman/listinfo/mext

_______________________________________________
MEXT mailing list
MEXT@ietf.org
http://www.ietf.org/mailman/listinfo/mext