Re: [saag] can an on-path attacker drop traffic?

Carsten Bormann <cabo@tzi.org> Wed, 02 September 2020 20:11 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F16B43A0E14 for <saag@ietfa.amsl.com>; Wed, 2 Sep 2020 13:11:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LCMn3AIPHu5R for <saag@ietfa.amsl.com>; Wed, 2 Sep 2020 13:11:30 -0700 (PDT)
Received: from gabriel-vm-2.zfn.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B19B33A0E08 for <saag@ietf.org>; Wed, 2 Sep 2020 13:11:30 -0700 (PDT)
Received: from [192.168.217.102] (p5089ae91.dip0.t-ipconnect.de [80.137.174.145]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-vm-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4BhZp845Q7zyRG; Wed, 2 Sep 2020 22:11:28 +0200 (CEST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.1\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <20200902193300.GW3100@localhost>
Date: Wed, 2 Sep 2020 22:11:27 +0200
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, saag@ietf.org
X-Mao-Original-Outgoing-Id: 620770287.8084871-08e3f9329164d44e82d88cc13785c47e
Content-Transfer-Encoding: quoted-printable
Message-Id: <11624BD0-63D7-42E4-8852-73AD3787DA2D@tzi.org>
References: <4645.1599064072@localhost> <20200902193300.GW3100@localhost>
To: Nico Williams <nico@cryptonector.com>
X-Mailer: Apple Mail (2.3608.120.23.2.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/nOFilYX7YhHw_N2A8iorrVEjpPI>
Subject: Re: [saag] can an on-path attacker drop traffic?
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Sep 2020 20:11:33 -0000

On 2020-09-02, at 21:33, Nico Williams <nico@cryptonector.com> wrote:
> 
> To me on-path means physically or logically (e.g., after DNS spoofing or
> route take over) in the path.
> 
> MITM is about being in the middle at some higher layer than IP.

Right.  A MITM attack can start before there is "a path".

Grüße, Carsten