[sunset4] to summarize Lorzeno's "drive-by" attack on draft-ietf-sunset4-noipv4
Michael Richardson <mcr+ietf@sandelman.ca> Thu, 24 July 2014 22:17 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: sunset4@ietfa.amsl.com
Delivered-To: sunset4@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29F791A0364 for <sunset4@ietfa.amsl.com>; Thu, 24 Jul 2014 15:17:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.108
X-Spam-Level:
X-Spam-Status: No, score=0.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_NO_TEXT=2, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_TVD_MIME_NO_HEADERS=0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 11hcUUxFSqLs for <sunset4@ietfa.amsl.com>; Thu, 24 Jul 2014 15:17:26 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B74831A00DE for <sunset4@ietf.org>; Thu, 24 Jul 2014 15:17:26 -0700 (PDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 6882820012 for <sunset4@ietf.org>; Thu, 24 Jul 2014 18:19:10 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id 58EA663B0E; Thu, 24 Jul 2014 18:17:24 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 3A53663B0A for <sunset4@ietf.org>; Thu, 24 Jul 2014 18:17:24 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: sunset4@ietf.org
X-Attribution: mcr
X-Mailer: MH-E 8.2; nmh 1.3-dev; GNU Emacs 23.4.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Thu, 24 Jul 2014 18:17:24 -0400
Message-ID: <11190.1406240244@sandelman.ca>
Sender: mcr@sandelman.ca
Archived-At: http://mailarchive.ietf.org/arch/msg/sunset4/Pc4dsxlmbmAydSs6_Cpo-cS4eEw
Subject: [sunset4] to summarize Lorzeno's "drive-by" attack on draft-ietf-sunset4-noipv4
X-BeenThere: sunset4@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: sunset4 working group discussion list <sunset4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sunset4>, <mailto:sunset4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sunset4/>
List-Post: <mailto:sunset4@ietf.org>
List-Help: <mailto:sunset4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sunset4>, <mailto:sunset4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jul 2014 22:17:28 -0000
Lorenzo spoke at the mic about a "drive-by" attack on an IPv4-only network. I just want to make it clear about who and how people is impacted. 1) It's an IPv4-only network. 2) It has "modern" hosts, built after publication of draft-ietf-sunset4-noipv4. 3) It's open to some form of attackers. So the "Starbucks" coffee-shop network of 2018. It seems somewhat realistic to me. I'm excluding home wifi networks, because I assume that they are either layer-2 secure, or can identify brother/sister attacks through other means. The attacker sends a number of IPv6 RAs per second. They don't have to use a lot of bandwidth to do this; they just need to to beat the newly booting/connecting host's emitting a DHCPv4 DISCOVER. The host, ignoring that this is a hint, has to suppress *all* DHCPv4 DISCOVER messages when it sees the RA noipv4 option. If the host has successfully sent a DISCOVERY message, it might get an DHCPv4 OFFER, which may or may not be bogus (maybe the RA is legit and the DHCP is bogus), and if it does, it would assume that there is v4, and would configure IPv4. I think that Lorenzo's concerns are real. He feels, I think, that given the degree to which the noipv4 option would be a hint to do DHCPv4 less often, rather than to turn it off completely, that it would therefore become useless. My understanding is that the problem with DHCPv4 discovers is that they are layer-2 broadcasts, and just asking it killing some larger networks that were trying to benefit from savings by deploying IPv6. -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- [sunset4] to summarize Lorzeno's "drive-by" attac… Michael Richardson
- Re: [sunset4] to summarize Lorzeno's "drive-by" a… Dan Wing
- Re: [sunset4] to summarize Lorzeno's "drive-by" a… Ted Lemon
- Re: [sunset4] to summarize Lorzeno's "drive-by" a… Simon Perreault
- Re: [sunset4] to summarize Lorzeno's "drive-by" a… Ted Lemon
- Re: [sunset4] to summarize Lorzeno's "drive-by" a… Dan Wing
- Re: [sunset4] to summarize Lorzeno's "drive-by" a… Ted Lemon
- Re: [sunset4] to summarize Lorzeno's "drive-by" a… Simon Perreault
- Re: [sunset4] to summarize Lorzeno's "drive-by" a… Michael Richardson
- Re: [sunset4] to summarize Lorzeno's "drive-by" a… Simon Perreault