Re: [RPSEC] Re: draft-convery-bgpattack-00

Sean Convery <sean@cisco.com> Tue, 12 November 2002 19:23 UTC

Date: Tue, 12 Nov 2002 11:19:27 -0800
From: Sean Convery <sean@cisco.com>
Subject: Re: [RPSEC] Re: draft-convery-bgpattack-00
To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
cc: rpsec@ietf.org
In-Reply-To: <200211051702.gA5H2qWV016669@marajade.sandelman.ottawa.on.ca>
Message-ID: <r01050400-1021-B562A354F67311D69B890003939CDD90@[172.16.30.208]>

On 11/5/02 at 12:02 PM, mcr@sandelman.ottawa.on.ca wrote:
>
>  BTW, I found the AND/OR stuff difficult to follow. 
>  It seems you can write:
>  (A || B || C) && D
>
>  as:
>       OR  A
>           B
>           C
>       AND D
>
>  What's weird is that the OR is to the left of the first item (prefix), while the
>  AND is between C and D (infix).
>  Perhaps I am misreading, and in fact the above describes:
>     A || B || (C && D)

What it should mean is (A or B or C) AND D

as in:

Attack:
OR  1. Send message to router causing reset
    OR  1. Send RST message to TCP stack
        2. Send BGP Message
        OR  1. Notify
            2. Open
            3. Keepalive
    AND 3. TCP Sequence number Attack (Appendix A.4)
    2. Alter configuration via. compromised router (Appendix A.1)
    
You can send a message causing a reset by 1. sending the message to the
TCP stack, or 2. sending a BGP message.  But in both cases you need 3.
the TCP sequence number attack.

There shouldn't be any cases where an AND or OR is between two numbers.
It should always be on the same line as a goal on the tree.

We tried to explain the notation in the Intro section.  If you can
provide some specific comments on how to make this better (short of
rewriting the CERT paper :)) we'd love to hear them.

Thanks,

Sean
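
The reading given in the message above, as an added example (not part of the original message or of the draft): a small Python parser for the indented AND/OR notation that lists the combinations of leaf steps reaching the goal. The folding rule (a keyword stays in force for the unlabeled siblings that follow it, and siblings combine left to right) and the names `parse` and `scenarios` are assumptions inferred from the two examples in this thread.

```python
import re
from itertools import product

# The tree from the message above, copied with its original indentation.
TREE = """\
OR  1. Send message to router causing reset
    OR  1. Send RST message to TCP stack
        2. Send BGP Message
        OR  1. Notify
            2. Open
            3. Keepalive
    AND 3. TCP Sequence number Attack (Appendix A.4)
    2. Alter configuration via. compromised router (Appendix A.1)
"""

# indent, optional AND/OR keyword, optional item number, label
LINE = re.compile(r"^(\s*)(?:(AND|OR)(\s+))?(\d+\.\s*)?(.*\S)\s*$")

def parse(text):
    """Return the top-level nodes; a node is [keyword or None, label, children]."""
    root = []
    stack = [(-1, root)]                  # (text column, child list at that depth)
    for raw in filter(str.strip, text.splitlines()):
        lead, op, gap, _num, label = LINE.match(raw.expandtabs()).groups()
        # Depth is the column where the item text starts, after any keyword.
        col = len(lead) + (len(op) + len(gap) if op else 0)
        node = [op, label, []]
        while stack[-1][0] >= col:        # climb back to this node's parent
            stack.pop()
        stack[-1][1].append(node)
        stack.append((col, node[2]))
    return root

def scenarios(siblings):
    """Sets of leaf steps that satisfy a sibling group, folded left to right."""
    result, op = None, "OR"
    for keyword, label, kids in siblings:
        op = keyword or op                # unlabeled lines inherit the operator
        mine = scenarios(kids) if kids else [frozenset([label])]
        if result is None:
            result = mine
        elif op == "OR":
            result = result + mine        # another alternative
        else:                             # AND: required with every alternative so far
            result = [a | b for a, b in product(result, mine)]
    return result

if __name__ == "__main__":
    for steps in scenarios(parse(TREE)):
        print(sorted(steps))
```

Intersecting the scenarios of a branch gives the steps every path through it depends on; for the reset branch that is the TCP sequence number step, matching the "in both cases you need 3." remark.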