Re: [RPSEC] Threats Draft Issue 3: Section 4.5 Underclaiming

Russ White <ruwhite@cisco.com> Tue, 12 August 2003 10:57 UTC

Date: Tue, 12 Aug 2003 06:57:14 -0400
From: Russ White <ruwhite@cisco.com>
Reply-To: Russ White <riw@cisco.com>
To: Eric Gray <ewgray@graiymage.com>
cc: Abbie Barbir <abbieb@nortelnetworks.com>, Routing Protocols Security Working Group <rpsec@ietf.org>
Subject: Re: [RPSEC] Threats Draft Issue 3: Section 4.5 Underclaiming
In-Reply-To: <3F38C357.E4AF5FFF@GraIyMage.com>
Message-ID: <Pine.OSX.4.51.0308120654020.1056@dhcp-64-102-60-237.cisco.com>
References: <87609AFB433BD5118D5E0002A52CD7540686F36E@zcard0k6.ca.nortel.com> <Pine.WNT.4.55.0308110945450.3660@russpc.whitehouse.intra> <3F38C357.E4AF5FFF@GraIyMage.com>

Is that true? With RIP, at least, you can force underclaiming by just being
on the wire, and having direct control of the network hardware, I'd guess.
Just collide with anything that comes out looking like a RIP update, no?
That would cause your peers to think you couldn't reach anything.

Of course, the rest of the routing protocols have reliable delivery, so
this isn't theoretically possible.

On the other side of the issue, if we are going to state that any attack
which can only be accomplished through some other attack is really only the
"lower level" attack, then we should probably scrub about half of this doc
out, right?

Again, it comes down to where you draw the line, I think (?).

:-)

Russ

On Tue, 12 Aug 2003, Eric Gray wrote:

> Russ,
>
>     As I understand it, the premise is that 'underclaiming' is a problem if
> it results from subversion of a router.  In this case, isn't the threat really
> the subversion of the router?  Lots of things can be done with subverted
> routers...
>
> --
> Eric Gray
>
> Russ White wrote:
>
> > I'm still of the belief that it is a valid threat, though it's hard to
> > define, and impossible to defend against.
> >
> > :-)
> >
> > Russ
> >
> > On Wed, 6 Aug 2003, Abbie Barbir wrote:
> >
> > > Hi,
> > > please provide feedback ASAP so we can incorporate in the next version of the
> > > draft, that should be coming in the next two weeks.
> > >
> > > abbie
> > >
> > >
> > > > -----Original Message-----
> > > > From: Jean-Jacques Puig [mailto:Jean-Jacques.Puig@int-evry.fr]
> > > > Sent: Wednesday, August 06, 2003 10:22 AM
> > > > To: Routing Protocols Security Working Group
> > > > Subject: Re: [RPSEC] Threats Draft Issue 3: Section 4.5 Underclaiming
> > > >
> > > >
> > > > Hi !
> > > >
> > > > >     ('made a cut and paste from 'Threats Draft Issues: Where we Stand?'
> > > > >     so that to keep separate threads on specific issues)
> > > >
> > > > On Sun, Jul 13, 2003 at 09:57:39PM -0400, Russ White wrote:
> > > > >
> > > > > > Did we come to some consensus on whether or not underclaiming is a
> > > > > > legitimate threat? I know there was a lengthy discussion on this, but
> > > > > > I don't recall any sort of final consensus around the question.
> > > >
> > > > On Fri, Jul 25, 2003 at 10:40:57PM -0400, Russ White wrote:
> > > > >
> > > > > > We've had some discussion over some of the issues on the threats draft
> > > > > > I had recorded from various places; below is a summary of what I have
> > > > > > so far. We need to get this cleaned up and finished up, so we can move
> > > > > > on to other work in the near future.
> > > > >
> > > > > ...
> > > > >
> > > > > Issue 3: Issue 3: Section 4.5, Is underclaiming a threat to routing
> > > > > systems?
> > > > >
> > > > > > Status: I seem to remember Sandy and some others arguing against
> > > > > > underclaiming being a threat, while I and others argue for it being a
> > > > > > threat. The reasoning on one side appears to be that you can't force a
> > > > > > router to advertise anything (?), while on the other side the claim is
> > > > > > that this doesn't matter, forcinf information can still cause
> > > > > > misrouting to occur, and thus it's a threat. It seems we need some
> > > > > > closure on this one.
> > > >
> > > > After a second reading of the ML mails, WG minutes and drafts
> > > > on this topic, current positions are the following (please
> > > > > correct me if I'm wrong):
> > > >
> > > > For considering underclaiming as a valid attack: Yi, Birger,
> > > > Russ, Jean-Jacques  (and possibly Tony ?).
> > > >
> > > > Against considering underclaiming as a valid attack: Sandy,
> > > > Radia, Curtis (and possibly Stephen ?).
> > > >
> > > > Current input regarding this issue is mainly
> > > > draft-beard-rpsec-routing-threats-01, though further elements
> > > > were mentioned on the mailing list.
> > > >
> > > > Discussion:
> > > >
> > > > >     From RFC 2828: A threat (action ?) can be either "intentional" or
> > > > >     "accidental".
> > > > >     According to this, if underclaiming is not a valid attack, it may
> > > > >     still be an accidental threat action, and as such, can be
> > > > >     documented in the threats document (according to current approach of
> > > > >     threats definition sect 3.1).
> > > > >
> > > > >     There have been input that this attack was against an individual
> > > > >     network element ? Does anyone want to develop on this ?
> > > > >
> > > > >     I think the router may not be affected by its own underclaiming,
> > > > >     but so is the network it should have advertised; thus a possible
> > > > >     target of the attack is a network.
> > > > >
> > > > >     Is it an attack against the routing system ? The routing db is
> > > > >     affected by underclaiming. If farther on the paths routers make
> > > > >     *legitimate* underclaiming of the prefix, only a part of the
> > > > >     routing db may be affected. Most consequences already listed in the
> > > > >     draft may happen. *Incorrect* distributed routing db is, IMHO, the
> > > > >     manifestation of that a threat action against routing occurred.
> > > > >
> > > > >     How can a routing protocol be protected against such an attack ? The
> > > > >     same way such a protocol can check authority for prefix
> > > > >     advertisement through an appropriate distributed db (e.g.
> > > > >     http://www.isi.edu/~bmanning/inet98.html ). Such a db may announce
> > > > >     policies related to routing, and systems REQUIRED (by agreement) to
> > > > >     advertise a prefix. This may not be sufficient for forcing the path,
> > > > >     yet it allows detection of an incorrect behavior by non subverted
> > > > >     devices. Besides, threats are not defined by the existence of a
> > > > >     solution to them. Sometimes, when robustness cannot be achieved,
> > > > >     detection can and is of great interest to limit the consequence
> > > > >     zone.
> > > >
> > > >     Is it too early for a consensus on this ?
> > > >
> > > >     Comments are welcome !
> > > >
> > > > --
> > > > Jean-Jacques Puig
> > > >
> > > > [homepage] http://www-lor.int-evry.fr/~puig/
> > > >
> > > > _______________________________________________
> > > > RPSEC mailing list
> > > > RPSEC@ietf.org
> > > > https://www1.ietf.org/mailman/listinfo/rpsec
> > > >
> > >
> >
> > __________________________________
> > riw@cisco.com CCIE <>< Grace Alone
> >
>
>

__________________________________
riw@cisco.com CCIE <>< Grace Alone


_______________________________________________
RPSEC mailing list
RPSEC@ietf.org
https://www1.ietf.org/mailman/listinfo/rpsec
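
The detection idea in Jean-Jacques Puig's quoted message above (a distributed db naming the systems REQUIRED, by agreement, to advertise a prefix) can be sketched as follows. This is an added example, not part of the thread or of any draft: the registry layout, the AS labels, the documentation prefixes and the choice to accept a covering aggregate as satisfying the requirement are all assumptions made for illustration.

```python
import ipaddress

# Constructed registry: prefix -> systems REQUIRED (by agreement) to advertise it.
REQUIRED = {
    "192.0.2.0/24": {"AS64500", "AS64501"},
    "198.51.100.0/24": {"AS64500"},
    "203.0.113.0/24": {"AS64502"},
}

# Constructed observations made by a non-subverted device: advertiser -> prefixes seen.
OBSERVED = {
    "AS64500": ["192.0.2.0/24", "198.51.100.0/23"],  # aggregate covers the /24
    "AS64501": [],                                   # advertises nothing
    "AS64502": ["203.0.113.0/25"],                   # advertises only half
}

def uncovered(required, advertised):
    """Return the parts of `required` that no advertised network covers."""
    remaining = [required]
    for adv in advertised:
        next_remaining = []
        for r in remaining:
            if r.subnet_of(adv):          # equal to, or inside, an aggregate
                continue
            if adv.subnet_of(r):          # more-specific: carve it out
                next_remaining.extend(r.address_exclude(adv))
            else:                         # disjoint from this advertisement
                next_remaining.append(r)
        remaining = next_remaining
    return sorted(remaining)

def find_underclaims(required, observed):
    """List (advertiser, required prefix, missing portions) for every gap."""
    findings = []
    for prefix, advertisers in sorted(required.items()):
        req = ipaddress.ip_network(prefix)
        for who in sorted(advertisers):
            seen = [ipaddress.ip_network(p) for p in observed.get(who, [])]
            gap = uncovered(req, seen)
            if gap:
                findings.append((who, prefix, [str(n) for n in gap]))
    return findings

if __name__ == "__main__":
    for who, prefix, gap in find_underclaims(REQUIRED, OBSERVED):
        print(f"{who} underclaims {prefix}: missing {', '.join(gap)}")
```

As the quoted message says, a check like this detects the incorrect behavior but cannot force the path.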