Re: OSPF WG Minutes
ashok <ashok_ch@HUAWEI.COM> Tue, 16 August 2005 12:11 UTC
Message-ID: <000001c5a25a$633aee50$7f04120a@china.huawei.com>
Date: Tue, 16 Aug 2005 17:32:33 +0530
Reply-To: Mailing List <OSPF@PEACH.EASE.LSOFT.COM>
Sender: Mailing List <OSPF@PEACH.EASE.LSOFT.COM>
From: ashok <ashok_ch@HUAWEI.COM>
Subject: Re: OSPF WG Minutes
To: OSPF@PEACH.EASE.LSOFT.COM
In-Reply-To: <BB6D74C75CC76A419B6D6FA7C38317B290E96C@sinett-sbs.SiNett.LAN>
Hi Vishwas,

-----Original Message-----
From: Mailing List [mailto:OSPF@PEACH.EASE.LSOFT.COM] On Behalf Of Vishwas Manral
Sent: Tuesday, August 16, 2005 5:22 PM
To: OSPF@PEACH.EASE.LSOFT.COM
Subject: Re: OSPF WG Minutes

Hi Acee,

> You don't mean all the packets do you? You mean all the packets with
> the last sequence number. So, if the last packet was a hello, the
> session could be kept up indefinitely.

I think there are two parts to it. The first as you are stating it. Another is when a router has gone down: all the packets from the beginning could be replayed and the adjacency could be brought up (the receiver anyway does not check the sequence number before and after an adjacency has broken).

For this to happen, ALL OSPF packets sent by the router which is now down have to be stored by the malicious router and replayed in the same sequence. However, the LSAs will eventually max-age, as the malicious router cannot possibly refresh the LSAs. So the condition is bounded by OSPF MaxAge. But this still does pose a seemingly improbable problem.

Thanks,
Ashok

Thanks,
Vishwas

-----Original Message-----
From: Mailing List [mailto:OSPF@PEACH.EASE.LSOFT.COM] On Behalf Of Acee Lindem
Sent: Tuesday, August 16, 2005 5:16 PM
To: OSPF@PEACH.EASE.LSOFT.COM
Subject: Re: OSPF WG Minutes

Vishwas Manral wrote:

Hi Vishwas,

> Hi Acee,
>
>> Acee: In practice, for OSPFv2 the sequence numbers are not monotonically
>> increasing; usage of the router's clock for cryptographic sequence number
>> generation reduces the chance for replay attacks across restarts.
>> ?: OSPF spec does not say it ...
>
> Acee, what I meant was that although the OSPF spec does not state that
> we need to use clocks.

Ok - got the update.

> I think the vulnerabilities draft is the right place to state the
> problems that can happen if we do not use a clock (or something
> equivalent which increments even when a system goes down).

Ok. I was just stating that in practice it is not as easy to exploit as it appears.

> Another issue is that even if the sender uses the clock for the "sequence
> number" and goes down, all the packets of a previous session can still
> be replayed by another router. So the chance of replay attacks is still
> there.

You don't mean all the packets do you? You mean all the packets with the last sequence number. So, if the last packet was a hello, the session could be kept up indefinitely.

Thanks,
Acee

> Thanks,
> Vishwas
>
> -----Original Message-----
> From: Mailing List [mailto:OSPF@PEACH.EASE.LSOFT.COM] On Behalf Of Acee Lindem
> Sent: Monday, August 15, 2005 7:50 PM
> To: OSPF@PEACH.EASE.LSOFT.COM
> Subject: OSPF WG Minutes
>
> Attached are the minutes from the Paris OSPF WG meeting. Thanks to
> Dimitri for taking them.
>
> Acee
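The three replay cases argued over in this thread (re-sending the last Hello to keep an adjacency alive, replaying a whole recorded session after the real router's neighbor state has been discarded, and what a clock-derived versus a counter-derived cryptographic sequence number changes after a restart) can be made concrete with a small model of the receiver-side check from RFC 2328 Appendix D. The code below is an added example written for this page; it is not code from the thread, from any OSPF implementation, or from the RFC. Its assumptions: packets carry only the fields the check needs; the digest is MD5(fields || key), a simplification of the D.4.3 layout; time is an integer number of seconds; the neighbor record is deleted once nothing has been heard for RouterDeadInterval (40 s); router ID 1.1.1.1 and the key are constructed.

```python
"""Toy model of the OSPFv2 cryptographic-authentication replay check
(RFC 2328, Appendix D).  Constructed example, not code from the thread.
Assumptions: a packet carries only the fields the check needs; the digest
is MD5(fields || key), a simplification of the RFC D.4.3 layout; time is an
integer number of seconds; neighbor state is dropped once nothing has been
heard for RouterDeadInterval."""
import hashlib
from dataclasses import dataclass

DEAD_INTERVAL = 40          # RouterDeadInterval (seconds), RFC 2328 default
KEY = b"shared-secret"      # constructed authentication key


@dataclass(frozen=True)
class Packet:
    router_id: str
    kind: str               # "hello", "dbd", "lsu" ...
    seq: int                # cryptographic sequence number, non-decreasing
    digest: bytes


def _body(router_id, kind, seq):
    return f"{router_id}|{kind}|{seq}".encode()


def sign(router_id, kind, seq, key=KEY):
    """Build an authenticated packet; only a key holder can do this."""
    return Packet(router_id, kind, seq,
                  hashlib.md5(_body(router_id, kind, seq) + key).digest())


class Receiver:
    """Receiver side. The per-neighbor record (RFC 2328 sec. 10) holds the last
    accepted sequence number and is deleted when the neighbor times out, so
    the history is forgotten once the adjacency is gone."""

    def __init__(self, key=KEY):
        self.key = key
        self.nbrs = {}      # router_id -> {"seq": int, "last_heard": int}

    def _expire(self, now):
        dead = [r for r, s in self.nbrs.items() if now - s["last_heard"] > DEAD_INTERVAL]
        for r in dead:
            del self.nbrs[r]

    def accept(self, pkt, now):
        self._expire(now)
        expected = hashlib.md5(_body(pkt.router_id, pkt.kind, pkt.seq) + self.key).digest()
        if expected != pkt.digest:
            return False                        # forged or wrong key
        st = self.nbrs.get(pkt.router_id)
        # D.4.3: seq must be >= the stored one; equal is allowed, and a neighbor
        # with no stored record is accepted at whatever seq it presents.
        if st is not None and pkt.seq < st["seq"]:
            return False                        # replay of an older packet
        self.nbrs[pkt.router_id] = {"seq": pkt.seq, "last_heard": now}
        return True


def capture_session(base_seq):
    """The legitimate session the attacker records (constructed)."""
    kinds = ["hello", "dbd", "lsu", "hello"]
    return [sign("1.1.1.1", k, base_seq + i) for i, k in enumerate(kinds)]


def scenario_forge():
    """Without the key a new packet is rejected, so replay is the only option."""
    rx = Receiver()
    forged = sign("1.1.1.1", "hello", 5000, key=b"guess")
    return rx.accept(forged, 0)


def scenario_replay_last_hello():
    """Acee's case: the router goes silent, the attacker keeps re-sending its
    last Hello, and the adjacency never times out (equal seq is accepted)."""
    rx, t0 = Receiver(), 1000
    session = capture_session(t0)
    for i, p in enumerate(session):
        rx.accept(p, t0 + i)
    kept = [rx.accept(session[-1], t0 + 10 * n) for n in range(1, 10)]
    return all(kept) and "1.1.1.1" in rx.nbrs


def scenario_replay_whole_session(clock_based):
    """Vishwas's case: the router is down long enough for its neighbor record
    to be deleted, then the whole recorded session is replayed from the start.
    Returns (replay_accepted, restarted_router_accepted).  With clock-based
    sequence numbers the real router's post-restart packets outrank the
    replay; with a counter that restarts at 0 they are rejected as replays."""
    rx, t0 = Receiver(), 1000
    session = capture_session(t0 if clock_based else 0)
    for i, p in enumerate(session):
        rx.accept(p, t0 + i)
    t1 = t0 + 100                       # well past DEAD_INTERVAL: record gone
    replayed = [rx.accept(p, t1 + i) for i, p in enumerate(session)]
    restart_seq = t1 + 10 if clock_based else 0
    real = rx.accept(sign("1.1.1.1", "hello", restart_seq), t1 + 10)
    return all(replayed), real


if __name__ == "__main__":
    print("forge accepted:", scenario_forge())
    print("last-hello replay keeps adjacency:", scenario_replay_last_hello())
    print("whole-session replay, clock seq:", scenario_replay_whole_session(True))
    print("whole-session replay, counter seq:", scenario_replay_whole_session(False))
```

The model deliberately stops where the thread does: it does not age LSAs, so it does not show the MaxAge bound Ashok raises, and it does not model the LS sequence numbers inside replayed Link State Updates. What it does show is that the sequence-number check only protects the window during which the receiver still holds a neighbor record, and that a clock-derived sequence number helps the legitimate router re-establish after a restart rather than preventing the replay itself.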
- OSPF WG Minutes Acee Lindem
- Re: OSPF WG Minutes Vishwas Manral
- NSSA summarization Ajay Thakur
- Re: NSSA summarization sujay
- Re: OSPF WG Minutes Acee Lindem
- Re: OSPF WG Minutes Vishwas Manral
- Re: OSPF WG Minutes ashok
- Re: OSPF WG Minutes Paul Jakma
- [OSPF] OSPF WG Minutes Acee Lindem
- Re: [OSPF] OSPF WG Minutes Vishwas Manral
- Re: [OSPF] OSPF WG Minutes Acee Lindem
- [OSPF] OSPF WG Minutes Acee Lindem
- Re: [OSPF] OSPF WG Minutes Acee Lindem (acee)
- [OSPF] OSPF WG Minutes Acee Lindem (acee)
- Re: [OSPF] OSPF WG Minutes Shraddha Hegde