Re: [MEXT] MIP threats (Re: re-direction attack on MCoA)
"George Tsirtsis" <tsirtsis@googlemail.com> Mon, 11 February 2008 10:51 UTC
Date: Mon, 11 Feb 2008 10:52:48 +0000
From: George Tsirtsis <tsirtsis@googlemail.com>
To: marcelo bagnulo braun <marcelo@it.uc3m.es>
Cc: Julien Laganier <julien.laganier@laposte.net>, Charles Clancy <clancy@cs.umd.edu>, Christian Vogt <christian.vogt@ericsson.com>, mext@ietf.org

Yes, it is in my todo list to read those as I create a presentation
for this for the IETF meeting.

George

On Feb 11, 2008 9:54 AM, marcelo bagnulo braun <marcelo@it.uc3m.es> wrote:
> Hi Lakshminath,
>
> I haven't reviewed the document, but the document that I understand
> George, Wassim and Ben are thinking about is an analysis of residual
> threats in rfc3775 (or more in general in MIPv6). I mean, assuming all
> the security measures currently available, what threats are still
> there and whether we need to address them. One clear case is the case
> of flooding attack towards a given using the HA, as Ben and other
> folks have noticed
>
> Regards, marcelo
>
>
> On 07/02/2008, at 23:27, Lakshminath Dondeti wrote:
>
> > Hi Suresh, George, all,
> >
> > Please see
> > draft-vidya-ip-mobility-threats-01
> > draft-vidya-ip-mobility-sec-reqs-01
> >
> > Christian, Charles, Vidya and I have been working on the same topic
> > and wrote those documents (we hope to prepare an update before the
> > next meeting). Perhaps these could be a starting point?
> >
> > regards,
> > Lakshminath
> >
> > On 1/31/2008 3:08 AM, George Tsirtsis wrote:
> >> I am of course also interested in this work. I guess we already have
> >> enough people to get the ball rolling on this.
> >>
> >> Thanks
> >> George
> >>
> >> On Jan 31, 2008 10:59 AM, Suresh Krishnan <suresh.krishnan@ericsson.com> wrote:
> >>> Hi Marcelo,
> >>> I am willing to work on a generic MIPv6 threats document along
> >>> with the other interested people.
> >>>
> >>> Cheers
> >>> Suresh
> >>>
> >>> -----Original Message-----
> >>> From: marcelo bagnulo braun [mailto:marcelo@it.uc3m.es]
> >>> Sent: January 31, 2008 11:13 AM
> >>> To: Wassim Haddad
> >>> Cc: Julien Laganier; mext@ietf.org
> >>>
> >>> Subject: Re: [MEXT] re-direction attack on MCoA
> >>>
> >>>
> >>> On 30/01/2008, at 19:16, Wassim Haddad wrote:
> >>>> => As there is a clear interest in the redirection attack on the HA
> >>>> side, I volunteer to do some work on this one.
> >>>>
> >>> I think the work should be general to all residual threats on MIP as
> >>> George mentioned, I think this would be more interesting since it
> >>> would allow us to put the different threats in perspective and
> >>> figure out which ones we should address.
> >>>
> >>>
> >>>
> >>>> Regards,
> >>>>
> >>>> Wassim H.
> >>>>
> >>>>
> >>>>> On 30/01/2008, at 18:19, Wassim Haddad wrote:
> >>>>>
> >>>>>> Hi Marcelo,
> >>>>>> IMHO, this topic has to be included as a new item in the new
> >>>>>> charter and should not be limited to MCoA.
> >>>>>> Regards,
> >>>>>> Wassim H.
> >>>>>> On Wed, 30 Jan 2008, marcelo bagnulo braun wrote:
> >>>>>>> Pascal,
> >>>>>>> The question at this point is the following one: do you think
> >>>>>>> that this threat should be addressed in the MCoA draft itself?
> >>>>>>> comments?
> >>>>>>> Regards, marcelo
> >>>>>>> On 30/01/2008, at 10:09, Pascal Thubert (pthubert) wrote:
> >>>>>>>> I agree with Wassim on both mails.
> >>>>>>>> There's also the situation where the MN/MR might be fooled by
> >>>>>>>> the visited network into believing that the CoA (or its prefix
> >>>>>>>> if a network is attacked as opposed to a host) is on the
> >>>>>>>> visited link. DSMIP is also exposed, in particular with IPv4
> >>>>>>>> CoAs.
> >>>>>>>> There are many scenarios that do not involve high mobility
> >>>>>>>> where a 3-way or a 4-way handshake could be used to verify the
> >>>>>>>> CoA. We have proposed such a test in section 6 of the RRH draft
> >>>>>>>> that uses a triggered 2nd BU flow to verify the CoA in the
> >>>>>>>> first one:
> >>>>>>>> http://tools.ietf.org/html/draft-thubert-nemo-reverse-routing-header-07#section-6
> >>>>>>>> Pascal
> >>>>>>>>> -----Original Message-----
> >>>>>>>>> From: Wassim Haddad [mailto:whaddad@tcs.hut.fi]
> >>>>>>>>> Sent: Wednesday 30 January 2008 09:32
> >>>>>>>>> To: Benjamin Lim
> >>>>>>>>> Cc: 'Julien Laganier'; mext@ietf.org
> >>>>>>>>> Subject: RE: [MEXT] re-direction attack on MCoA
> >>>>>>>>> On Wed, 30 Jan 2008, Benjamin Lim wrote:
> >>>>>>>>>> All in all, what I am trying to say is that tracing only
> >>>>>>>>>> limits the effect of the attack from escalating further and
> >>>>>>>>>> not preventing it.
> >>>>>>>>> => which (again) also perfectly applies to a single CoA.
> >>>>>>>>> Regards,
> >>>>>>>>> Wassim H.
> >>>>>>>>> _______________________________________________
> >>>>>>>>> MEXT mailing list
> >>>>>>>>> MEXT@ietf.org
> >>>>>>>>> https://www1.ietf.org/mailman/listinfo/mext