Re: [sunset4] to summarize Lorzeno's "drive-by" attack on draft-ietf-sunset4-noipv4
Dan Wing <dwing@cisco.com> Mon, 28 July 2014 16:26 UTC
Return-Path: <dwing@cisco.com>
X-Original-To: sunset4@ietfa.amsl.com
Delivered-To: sunset4@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BCCD1A01C8 for <sunset4@ietfa.amsl.com>; Mon, 28 Jul 2014 09:26:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.502
X-Spam-Level:
X-Spam-Status: No, score=-14.502 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U11imjUTpqj3 for <sunset4@ietfa.amsl.com>; Mon, 28 Jul 2014 09:26:19 -0700 (PDT)
Received: from rcdn-iport-3.cisco.com (rcdn-iport-3.cisco.com [173.37.86.74]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 760051A03A5 for <sunset4@ietf.org>; Mon, 28 Jul 2014 09:26:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1162; q=dns/txt; s=iport; t=1406564779; x=1407774379; h=mime-version:subject:from:in-reply-to:date:cc: content-transfer-encoding:message-id:references:to; bh=7K91gDlI6cfIqHhLzRXf+5YotN7O9MWEmV4OWAKzCHM=; b=DcqqSqeLRrUFKeGe+iVKyC3rc8crJH40zxDoujGo8bTX1xoIDJFxWMdw ELE/9e0JhkRyM3gfwZ3wjVsJ/qdkiXP2P+kG3ynSZlxvgKoEhSZKHxoZ0 vsJikwxXQqAcUW2sYXl6HarhYlTno6drw5XGStbTTjmRwMS+VPbf38yhP k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgUFAHZ41lOtJV2a/2dsb2JhbABZgw6BKdNSAYEPFneEAwEBAQMBOj8FCwsYLlcGE4g6CL4HF48ZMweDL4EbBYpxkFuHHo0uggOBZh0v
X-IronPort-AV: E=Sophos;i="5.01,750,1400025600"; d="scan'208";a="343382496"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-3.cisco.com with ESMTP; 28 Jul 2014 16:26:18 +0000
Received: from [10.21.119.225] ([10.21.119.225]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id s6SGQHck027278 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Mon, 28 Jul 2014 16:26:18 GMT
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Dan Wing <dwing@cisco.com>
In-Reply-To: <C38ED5E4-5088-4877-9A9F-160EAFCA9938@nominum.com>
Date: Mon, 28 Jul 2014 09:26:16 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <6D291158-F0C6-4BE4-851B-366B2F0B2540@cisco.com>
References: <11190.1406240244@sandelman.ca> <C12A07EA-E27A-4EAF-A9DE-536FF22A0395@cisco.com> <3B647D53-0E22-43C3-892D-319C9109248C@nominum.com> <53D6559B.2090300@jive.com> <C38ED5E4-5088-4877-9A9F-160EAFCA9938@nominum.com>
To: Ted Lemon <Ted.Lemon@nominum.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/sunset4/l7_4b9LXRhBUAj7WBkNs52T9B64
Cc: Simon Perreault <sperreault@jive.com>, sunset4@ietf.org
Subject: Re: [sunset4] to summarize Lorzeno's "drive-by" attack on draft-ietf-sunset4-noipv4
X-BeenThere: sunset4@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: sunset4 working group discussion list <sunset4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sunset4>, <mailto:sunset4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sunset4/>
List-Post: <mailto:sunset4@ietf.org>
List-Help: <mailto:sunset4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sunset4>, <mailto:sunset4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Jul 2014 16:26:31 -0000
On Jul 28, 2014, at 7:30 AM, Ted Lemon <Ted.Lemon@nominum.com> wrote: > On Jul 28, 2014, at 9:52 AM, Simon Perreault <sperreault@jive.com> wrote: >> Dan didn't say "broken", he said "attacker-controlled", possibly (my guess) thinking of the infamous "SLAAC attack" [*]. Happy eyeballs is useless here. > > This is the MiTM attack I referred to in the previous message. If you are not using secure protocols, you are always vulnerable to MiTM. Considering RA Guard (RFC6105) and DHCP guard are necessary, so I don't see draft-ietf-sunset4-noipv4 creating a *new* risk. I agree improving security of RA and DHCP (e.g., draft-ietf-dhc-sedhcpv6) are helpful, but in the intervening days between today and ubiquitous availability of deployable and secure RA and DHCP, a responsible network needs to block spoofed router advertisements from non-routers and prevent DHCP spoofing from non-DHCP servers. Simon bought up an interesting point that an attacker abusing NOIPV4 needs only send a few packets and would have a lasting impact. The attacker need not stay on the network to have a lasting impact. -d
- [sunset4] to summarize Lorzeno's "drive-by" attac… Michael Richardson
- Re: [sunset4] to summarize Lorzeno's "drive-by" a… Dan Wing
- Re: [sunset4] to summarize Lorzeno's "drive-by" a… Ted Lemon
- Re: [sunset4] to summarize Lorzeno's "drive-by" a… Simon Perreault
- Re: [sunset4] to summarize Lorzeno's "drive-by" a… Ted Lemon
- Re: [sunset4] to summarize Lorzeno's "drive-by" a… Dan Wing
- Re: [sunset4] to summarize Lorzeno's "drive-by" a… Ted Lemon
- Re: [sunset4] to summarize Lorzeno's "drive-by" a… Simon Perreault
- Re: [sunset4] to summarize Lorzeno's "drive-by" a… Michael Richardson
- Re: [sunset4] to summarize Lorzeno's "drive-by" a… Simon Perreault