On Wed, May 14, 2003 at 03:41:44PM -0400, Anthony DeRobertis wrote:
> 
> On Wednesday, May 14, 2003, at 03:10 PM, Bill Cerveny wrote:
> 
> >This was also the engineer's point -- he felt IPv4 DHCP was broken in
> >this manner and this broken behavior was being perpetuated via IPv6
> >router advertisements.
> 
> Well, the only solutions are really:
> 
> a) Static addressing
> b) Signed announcements, with replay protection
> c) layer-three switches to only allow announcements from certain
>    ports
> 
> (c) is the only solution that doesn't nullify the benefits of autoconf,
> but it's expensive. (b) requires configuration on each host, and
> possibly even a lot of state keeping (for replay prevention) which
> defeats the autoconf goal.
Couldn't you do (b) the way SSH handles server public keys? When you first
set up networking, assume the first DHCP offer/v6 router adv you get is
legit. Download the public key which signed the advertisement, and check
that it matches the signature. If an interactive network config tool is
running (as is likely for the first advertisement seen), the ID of the
signer could be displayed, confirmation asked for (as in the first
connection to a new server with SSH), etc.

This way, only computers that are newly set up while an attack is under
way are affected with anything more than a potential DoS. Affected
computers would see it as an attack when the attacker _stopped_ sending
advertisements, because the legit ones would have a different key.

It would, as you say, require saving a lot of state. You might even need
a way for the server to tell clients to forget the old key, in case that
was needed for something. The clients could be configured to listen to
advertisements signed with 1, 2, or more different keys. (If a machine
should accept advertisements from only a single trusted identity, then it
should be told that, so it knows that any advertisements signed with new
IDs are attacks, and not some new source of legitimate advs.)

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X([EMAIL PROTECTED] , ns.ca)

"The gods confound the man who first found out how to distinguish the
hours!  Confound him, too, who in this place set up a sundial, to cut and
hack my day so wretchedly into small pieces!" -- Plautus, 200 BC
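The client-side rule Peter sketches above (trust the first signed advertisement, pin its key like an SSH known_hosts entry, treat a later advertisement under a different key as an attack, keep a per-key counter for replay protection, and allow an admin to configure one or several keys or to forget one), written out as an added example. This is not code from the thread or from any real router-advertisement implementation: the message layout, the field names, the use of Ed25519 and the names `Advertisement`, `Host`, `NewHost`, `Accept` and `Forget` are all assumptions made here so that the logic can be run end to end.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Advertisement is a toy signed router advertisement (field names made up here):
// the signer's public key travels with it, Seq is a monotonic replay counter.
type Advertisement struct {
	Prefix string // e.g. "2001:db8::/64"
	Router string // address of the advertising router
	Seq    uint64 // must grow on every advertisement; routers start at 1
	PubKey ed25519.PublicKey
	Sig    []byte // Ed25519 signature over signedBytes()
}

// signedBytes serialises the signed fields; NUL separators and a fixed-width
// Seq keep different field splits from producing identical bytes.
func (a Advertisement) signedBytes() []byte {
	var b bytes.Buffer
	b.WriteString(a.Prefix + "\x00" + a.Router + "\x00")
	_ = binary.Write(&b, binary.BigEndian, a.Seq) // bytes.Buffer writes never fail
	b.Write(a.PubKey)
	return b.Bytes()
}

// GenerateRouterKey makes a fresh Ed25519 signing key for a router
// (a nil reader makes GenerateKey use crypto/rand).
func GenerateRouterKey() ed25519.PrivateKey {
	_, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		panic(err)
	}
	return priv
}

// PubOf returns the public half of a router key.
func PubOf(priv ed25519.PrivateKey) ed25519.PublicKey { return priv.Public().(ed25519.PublicKey) }

// NewAdvertisement builds and signs an advertisement with the router's key.
func NewAdvertisement(priv ed25519.PrivateKey, prefix, router string, seq uint64) Advertisement {
	adv := Advertisement{Prefix: prefix, Router: router, Seq: seq, PubKey: PubOf(priv)}
	adv.Sig = ed25519.Sign(priv, adv.signedBytes())
	return adv
}

// Verdict is the host's decision about one incoming advertisement.
type Verdict int

const (
	Accepted      Verdict = iota // good signature, trusted signer, fresh Seq
	TrustedFirst                 // nothing known yet: trusted on first use
	Replay                       // good signature but Seq not newer than last seen
	BadSignature                 // does not verify under the key it carries
	UnknownSigner                // verifies, but under a key we were not told to trust
)

// Host is the client. trusted is its "known routers" file: signer public key ->
// highest Seq seen under it (0 = configured by the admin, nothing seen yet).
type Host struct {
	trusted map[string]uint64
	pinned  bool // "only these keys": never learn a new one
}

// NewHost with no keys behaves like ssh on a first connection; with keys it
// accepts any of them; with pinned=true every other signer is an attack.
func NewHost(pinned bool, keys ...ed25519.PublicKey) *Host {
	h := &Host{trusted: map[string]uint64{}, pinned: pinned}
	for _, k := range keys {
		h.trusted[string(k)] = 0
	}
	return h
}

// Accept checks the signature with the key the advertisement carries, then
// decides whether that key is one this host trusts.
func (h *Host) Accept(adv Advertisement) Verdict {
	// Length check first: ed25519.Verify panics on a malformed public key.
	if len(adv.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(adv.PubKey, adv.signedBytes(), adv.Sig) {
		return BadSignature
	}
	key := string(adv.PubKey)
	last, known := h.trusted[key]
	switch {
	case !known && (h.pinned || len(h.trusted) > 0):
		return UnknownSigner // a second identity once we have one is the attack case
	case !known:
		h.trusted[key] = adv.Seq // the TOFU window: the first advertisement ever wins
		return TrustedFirst
	case adv.Seq <= last:
		return Replay
	}
	h.trusted[key] = adv.Seq
	return Accepted
}

// Forget drops a signer (key rotation); a real design would trigger this from
// a message signed by the old key rather than by a local call.
func (h *Host) Forget(pub ed25519.PublicKey) { delete(h.trusted, string(pub)) }

func main() {
	router, attacker, h := GenerateRouterKey(), GenerateRouterKey(), NewHost(false)
	adv := NewAdvertisement(router, "2001:db8::/64", "fe80::1", 2)
	fmt.Println(h.Accept(NewAdvertisement(router, "2001:db8::/64", "fe80::1", 1)), // 1 (TrustedFirst)
		h.Accept(adv), h.Accept(adv), // 0 (Accepted), 2 (Replay)
		h.Accept(NewAdvertisement(attacker, "2001:db8:bad::/64", "fe80::2", 9))) // 4 (UnknownSigner)
}
```

Two points worth noticing when running it: the `UnknownSigner` verdict is exactly the "attacker stopped sending" detection from the message (the legitimate router's key no longer matches the one learned first), and the only state per trusted key is one 64-bit counter, which is the minimum that still blocks a verbatim replay of an old signed advertisement. The window the message describes is also visible: a host with an empty trust store (or one that has just forgotten its only key) accepts whichever signer it hears first.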

