Re: [TERNLI] Forwarding corrupt packets

Randall Stewart <rrs@cisco.com> Tue, 05 September 2006 11:08 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GKYn4-0006yr-Pi; Tue, 05 Sep 2006 07:08:26 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GKYn3-0006yl-0V for ternli@ietf.org; Tue, 05 Sep 2006 07:08:25 -0400
Received: from sj-iport-1-in.cisco.com ([171.71.176.70] helo=sj-iport-1.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GKYn0-0008V1-LE for ternli@ietf.org; Tue, 05 Sep 2006 07:08:24 -0400
Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-1.cisco.com with ESMTP; 05 Sep 2006 04:08:22 -0700
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-3.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id k85B8Mve031934; Tue, 5 Sep 2006 04:08:22 -0700
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id k85B8L1E008910; Tue, 5 Sep 2006 04:08:21 -0700 (PDT)
Received: from xfe-sjc-212.amer.cisco.com ([171.70.151.187]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 5 Sep 2006 04:08:21 -0700
Received: from [127.0.0.1] ([171.68.225.134]) by xfe-sjc-212.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 5 Sep 2006 04:08:19 -0700
Message-ID: <44FD5A83.7020702@cisco.com>
Date: Tue, 05 Sep 2006 07:07:47 -0400
From: Randall Stewart <rrs@cisco.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.12) Gecko/20060223
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Michael Tuexen <Michael.Tuexen@lurchi.franken.de>
Subject: Re: [TERNLI] Forwarding corrupt packets
References: <1157097623.3192.34.camel@lap10-c703.uibk.ac.at> <44F83E74.1080603@isi.edu> <1157121036.3192.148.camel@lap10-c703.uibk.ac.at> <44F84AD5.7070307@isi.edu> <1157131227.3192.220.camel@lap10-c703.uibk.ac.at> <44F8780D.9060503@isi.edu> <1157356740.3197.57.camel@lap10-c703.uibk.ac.at> <85C961BE-2B32-4A31-8235-49CCDCF1332D@lurchi.franken.de> <44FC2484.50201@erg.abdn.ac.uk> <EE4E54BA-BCEB-4DD7-86AB-B2A44A24ACD0@lurchi.franken.de> <44FC2CA7.90602@erg.abdn.ac.uk> <57784F3E-B93A-4D49-AEBA-F1124D952302@lurchi.franken.de> <1157390125.3291.43.camel@lap10-c703.uibk.ac.at> <4E862E2A-DF85-47C1-98A1-991F3CB58B27@lurchi.franken.de> <44FCADA1.5040202@isi.edu> <45186152-9613-4C22-92FF-53BCD2B22337@lurchi.franken.de> <44FCC3D5.4020403@isi.edu> <FC8103E1-1833-46CE-BF31-925890F0BEFB@lurchi.franken.de>
In-Reply-To: <FC8103E1-1833-46CE-BF31-925890F0BEFB@lurchi.franken.de>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 05 Sep 2006 11:08:20.0111 (UTC) FILETIME=[9878D9F0:01C6D0DB]
DKIM-Signature: a=rsa-sha1; q=dns; l=1408; t=1157454502; x=1158318502; c=relaxed/simple; s=sjdkim3002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=rrs@cisco.com; z=From:Randall=20Stewart=20<rrs@cisco.com> |Subject:Re=3A=20[TERNLI]=20Forwarding=20corrupt=20packets; X=v=3Dcisco.com=3B=20h=3DFhAEj61I/6Kdz9a6+810YG65OJE=3D; b=qBgDI3kHPtg3JBvQ4oqdl8UlcxLD1a1c/bM5TxHpqIh6ae6Oct6J6ylKKIfn0jo4pAktSwVC 6xMLYv/e6rCugwmoMjYWJ4OMSFS/5YHtfnVqvUKhuvP+f5d8xlyAK2zX;
Authentication-Results: sj-dkim-3.cisco.com; header.From=rrs@cisco.com; dkim=pass ( sig from cisco.com verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0fa76816851382eb71b0a882ccdc29ac
Cc: ternli@ietf.org, Joe Touch <touch@ISI.EDU>
X-BeenThere: ternli@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Transport-Enhancing Refinements to the Network Layer Interface <ternli.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ternli>, <mailto:ternli-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/ternli>
List-Post: <mailto:ternli@ietf.org>
List-Help: <mailto:ternli-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ternli>, <mailto:ternli-request@ietf.org?subject=subscribe>
Errors-To: ternli-bounces@ietf.org

Michael Tuexen wrote:
> Hi Joe,
> 
> comments in-line.
> 
> Best regards
> Michael
> 
> On Sep 5, 2006, at 2:24 AM, Joe Touch wrote:
> 
>>
>>
>> Michael Tuexen wrote:
>>
>>> Hi Joe,
>>>
>>> comments in-line.
>>>
>>> Best regards
>>> Michael
>>>
>>> On Sep 5, 2006, at 12:50 AM, Joe Touch wrote:
>>>
>>>>
>>>>
>>>> Michael Tuexen wrote:
>>>>
>>>>> Hi Michael,
>>>>>
>>>>> see my comments in-line.
>>>>
>>>> ...
>>>>
>>>>> I think we have to consider two cases:
>>>>> - An on path attacker....
>>>>> - An off path attacker. ...
>>>>
>>>>
>>>> Checksums are not protection from attacks.
>>>
>>> Correct.
>>> But the question was could the PKTDRP report be used for an attack.
>>
>>
>> If it isn't signed, then yes. But that holds for any message.
> 
> Correct.
> 
>>
>>> What
>>> I wanted to
>>> make clear is the an on path attacker can use it, but he can do this
>>> even without PKTDRP.
>>> An off path attacker has the same problem as for basic SCTP  without 
>>> PKTDRP.
>>
>>
>> Aren't these statements true for any unsigned SCTP message?
> 
> Correct. That was my point. SCTP with PKTDRP is not less safe than  pure 
> SCTP.
Exactly its no different then TCP/UDP/DCCP.. anything that is
not signed has this danger...

R

> 
>>
>> Joe
>>
> 


-- 
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 <or> 815-342-5222 (cell)