Re: [quicwg/base-drafts] Amplification attack using retry tokens and spoofed addresses (#2064)

MikkelFJ, Fri, 30 November 2018 21:23 UTC

Here is a tricky variation:

The attacker initiates a handshake with a spoofed source IP in the hope of generating a retry. The attacker is sufficiently close to the target server that it can observe the retry token. It is now able to share the token with many bots that all use the token to initiate spoofed validated handshakes toward the target. Even if the token is cryptographically encoding the target IP, it will not help, because the spoofed handshakes match the token.

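The replay described in the message above, seen from the server's validation code, as an added example that is not part of the original post or of any QUIC implementation. It shows a token bound to the claimed source address passing a stateless check on every replay, beside a single-use variant. The token layout, key, lifetime, addresses and the `SingleUseValidator` cache are assumptions made for illustration; the thread does not propose them.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed secret, for this example only
LIFETIME = 10                    # seconds; assumed token lifetime

def mint_token(claimed_ip: str, now: int) -> bytes:
    """Token = issue time || HMAC(key, issue time || claimed source IP)."""
    ts = struct.pack("!Q", now)
    mac = hmac.new(KEY, ts + claimed_ip.encode(), hashlib.sha256).digest()
    return ts + mac

def validate(token: bytes, src_ip: str, now: int) -> bool:
    """Stateless check: MAC matches the packet's source IP, token is fresh."""
    if len(token) != 8 + 32:
        return False
    ts, mac = token[:8], token[8:]
    expected = hmac.new(KEY, ts + src_ip.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return False
    issued = struct.unpack("!Q", ts)[0]
    return 0 <= now - issued <= LIFETIME

class SingleUseValidator:
    """Stateful variant: remembers redeemed tokens until they expire."""
    def __init__(self):
        self.seen = {}  # token -> expiry time

    def validate(self, token: bytes, src_ip: str, now: int) -> bool:
        # Drop expired entries so the cache stays bounded by LIFETIME.
        self.seen = {t: exp for t, exp in self.seen.items() if exp >= now}
        if token in self.seen or not validate(token, src_ip, now):
            return False
        self.seen[token] = struct.unpack("!Q", token[:8])[0] + LIFETIME
        return True

def demo():
    claimed_ip = "198.51.100.7"   # constructed address (documentation range)
    token = mint_token(claimed_ip, now=1000)
    # Five Initial packets from different senders, all claiming claimed_ip.
    stateless = [validate(token, claimed_ip, 1000 + i) for i in range(5)]
    checker = SingleUseValidator()
    single_use = [checker.validate(token, claimed_ip, 1000 + i) for i in range(5)]
    return stateless, single_use

if __name__ == "__main__":
    print(demo())
```

The single-use check bounds the replay to one validated handshake per observed token, and it needs state shared by every server that accepts the token.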