Re: [Sidrops] ASPA false leak

Randy Bush <randy@psg.com> Wed, 16 October 2019 06:42 UTC

Return-Path: <randy@psg.com>
X-Original-To: sidrops@ietfa.amsl.com
Delivered-To: sidrops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 962A312006F for <sidrops@ietfa.amsl.com>; Tue, 15 Oct 2019 23:42:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7Sw811muc7oV for <sidrops@ietfa.amsl.com>; Tue, 15 Oct 2019 23:42:35 -0700 (PDT)
Received: from ran.psg.com (ran.psg.com [IPv6:2001:418:8006::18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B6DFF120018 for <sidrops@ietf.org>; Tue, 15 Oct 2019 23:42:35 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=ryuu.rg.net) by ran.psg.com with esmtp (Exim 4.90_1) (envelope-from <randy@psg.com>) id 1iKd0u-0000hO-Qs; Wed, 16 Oct 2019 06:42:29 +0000
Date: Wed, 16 Oct 2019 08:42:27 +0200
Message-ID: <m2wod5ry24.wl-randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Ben Maddison <benm=40workonline.africa@dmarc.ietf.org>
Cc: "Jakob Heitz (jheitz)" <jheitz@cisco.com>, SIDR Operations WG <sidrops@ietf.org>
In-Reply-To: <AM0P190MB0756169E6093C2C101BAF4EBC0920@AM0P190MB0756.EURP190.PROD.OUTLOOK.COM>
References: <BN8PR11MB37463090DCE5AF62C9D8B9E5C0930@BN8PR11MB3746.namprd11.prod.outlook.com> <m2y2xlsbsn.wl-randy@psg.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/26.2 Mule/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidrops/ZCxxKAi4u-AwOXwgqsns06BHUPE>
Subject: Re: [Sidrops] ASPA false leak
X-BeenThere: sidrops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <sidrops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidrops>, <mailto:sidrops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidrops/>
List-Post: <mailto:sidrops@ietf.org>
List-Help: <mailto:sidrops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidrops>, <mailto:sidrops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Oct 2019 06:42:37 -0000

>> Consider the topology:
>>
>>    AS5      AS3
>>      \     /   \
>>       \   /     \
>>        AS4     AS2
>>          \     /
>>           \   /
>>            AS1
>>
>> AS1 has providers AS2 and AS4.
>> AS2 has provider  AS3.
>> AS4 has providers AS3 and AS5.
>>
>> AS5 receives a route with AS-path (4 3 2 1).
>> ASPA would declare that AS4 leaked the route from AS3 to AS5.
>> However, AS4 is an authorized provider for AS1.
>> Even though AS4 has a path to AS1, it chose to use an alternative
>> valid path to reach AS1.
> 
> and that alternate path sure looks a lot like a route leak.

lemme try a different way

the attacker A3 wishes tio siphon jelly beans from A5's traffic to A1.
so she convinces A4 to prefer the A4 A3 A2 A1 path, which A4 then
announces to A5 as her best path.  profit.

randy