Hi Fred,

In section 6: "Namely, the protocol must take measures to secure IPv6 ND messages on links where spoofing attacks are possible."

By reading this passage, I have the impression that there are links where a spoofing attack is possible and others where it is not! How can we know whether this attack is possible or not on a specified link?

Thank you,
Zied
> On 10 Jan 2017, at 22:52, Templin, Fred L <[email protected]> wrote:
>
> Hi Christian,
>
>> -----Original Message-----
>> From: Christian Huitema [mailto:[email protected]]
>> Sent: Tuesday, January 10, 2017 11:34 AM
>> To: Templin, Fred L <[email protected]>; 'Brian E Carpenter'
>> <[email protected]>; '6man WG' <[email protected]>;
>> 'INT Area' <[email protected]>
>> Subject: RE: [Int-area] Route Information Options in Redirect Messages
>>
>> On Tuesday, January 10, 2017 9:55 AM, Fred Templin wrote:
>>> ...
>>> What is being proposed in the document I submitted is the inclusion of
>>> RIOs in Redirect messages for a *prefix* that is not on-link, as opposed
>>> to a singleton destination. So, the same SHOULD in the paragraph above
>>> would seem to apply also to prefix redirection the same as for ordinary
>>> destination redirection.
>>
>> Fred, I am reading the security section of your draft. I think it needs a
>> bit more work.
>>
>> Currently, RIOs are only expected in router advertisements. RAs are
>> somewhat special, and there is often specific code in switches to check RA
>> and prevent RA spoofing -- e.g., RA-Guard. Allowing the option in Redirect
>> messages could very well bypass the RA-specific checks. Doesn't that open
>> the path for new attacks? Should you not say something about that in the
>> security section? How about specific mitigations, such as sanity checks when
>> processing redirect messages?
>
> Since IP will still operate correctly if transmission of Redirect messages is
> somehow suppressed (i.e., denial of Redirect service), the more serious
> threat to be considered is spoofing. Here is what currently appears under
> Security Considerations:
>
> "Security considerations for Redirect messages that include RIOs are
> the same as for any IPv6 ND messages as specified in Section 11 of
> [RFC4861]. Namely, the protocol must take measures to secure IPv6 ND
> messages on links where spoofing attacks are possible.
>
> A spoofed Redirect message containing no RIOs could cause corruption
> in the host's destination cache while a spoofed Redirect message
> containing RIOs could corrupt the host's routing tables. While the
> latter would seem to be a more onerous result, the possibility for
> corruption is unacceptable in either case."
>
> So, from the first paragraph, we can see that the protocol must take
> measures to secure IPv6 ND messages on links where spoofing attacks
> are possible. The second paragraph then analyzes the consequences of
> what could happen if a spoofing attack were successful and we see that
> there are unacceptable negative consequences for both traditional
> Redirects and Redirects that include RIOs.
>
> The text stops short of saying that "no Redirects of any kind should be
> used on links where spoofing attacks are possible". Would adding a
> statement such as this address the concern?
>
> Thanks - Fred
> [email protected]
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> [email protected]
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

Best Regards / With my regards,
Zied BOUZIRI
ISET Charguia, Tunisie
www.bouziri.tn
_______________________________________________
Int-area mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/int-area
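The thread above raises two defender-side points: Christian's suggestion of "sanity checks when processing redirect messages" because RA-Guard only inspects Router Advertisements, and Fred's observation that a spoofed Redirect carrying RIOs could corrupt a host's routing table rather than just its destination cache. The following is an added example, not code from the thread, from the draft, or from any IETF document. It implements the receiver-side validation rules that RFC 4861 section 8.1 lists for Redirect messages (hop limit 255, link-local source, code 0, minimum length, non-multicast destination, target link-local or equal to destination, no zero-length options), then decodes any Route Information Option (type 24, RFC 4191) and, by a local policy knob, refuses to let a Redirect install a route. The function names, the `allow_rio` policy parameter and the test vector are all constructed for this example; the ICMPv6 checksum and the "source is my current first-hop router" rule are assumed to be checked elsewhere in the stack, since they need the IPv6 pseudo-header and the host's routing state.

```python
"""
Added example (not from the thread or any IETF document): receiver-side sanity
checks for ICMPv6 Redirect messages that may carry Route Information Options.
RA-Guard on a switch filters Router Advertisements only, so a host that
accepts routes from Redirects needs its own checks.
"""
import ipaddress
import struct

ICMPV6_REDIRECT = 137
OPT_ROUTE_INFORMATION = 24   # RFC 4191 Route Information Option
MIN_REDIRECT_LEN = 40        # type(1)+code(1)+cksum(2)+reserved(4)+target(16)+dest(16)


def parse_options(data):
    """Split the ND option TLVs; raise ValueError on a malformed option."""
    opts, off = [], 0
    while off < len(data):
        if len(data) - off < 2:
            raise ValueError("truncated option header")
        otype, olen = data[off], data[off + 1]
        if olen == 0:                       # RFC 4861 8.1: length must be > 0
            raise ValueError("option with zero length")
        size = olen * 8
        if off + size > len(data):
            raise ValueError("option overruns message")
        opts.append((otype, data[off + 2:off + size]))
        off += size
    return opts


def parse_rio(body):
    """Decode an RIO body (bytes after type/length) into prefix, Prf and lifetime."""
    prefix_len, flags = body[0], body[1]
    lifetime = struct.unpack("!I", body[2:6])[0]
    prefix_bytes = body[6:]
    if prefix_len > 128 or prefix_len > 8 * len(prefix_bytes):
        raise ValueError("RIO prefix length exceeds carried prefix")
    prf = (flags >> 3) & 0x3                # Resvd(3) | Prf(2) | Resvd(3)
    raw = prefix_bytes + b"\x00" * (16 - len(prefix_bytes))
    prefix = ipaddress.IPv6Network((int.from_bytes(raw, "big"), prefix_len), strict=False)
    return {"prefix": prefix, "prf": prf, "lifetime": lifetime}


def check_redirect(icmp, src, hop_limit, allow_rio=False):
    """
    Validate a Redirect per RFC 4861 8.1 and apply a local RIO policy.
    icmp: ICMPv6 message bytes; src: IPv6 source address; hop_limit: from the IPv6 header.
    Returns (accepted, reasons, rios). Reasons are in check order.
    """
    reasons = []
    if hop_limit != 255:
        reasons.append("hop limit != 255 (not from an on-link sender)")
    if not ipaddress.IPv6Address(src).is_link_local:
        reasons.append("source is not link-local")
    if len(icmp) < MIN_REDIRECT_LEN:
        return False, reasons + ["message shorter than 40 bytes"], []
    mtype, code = icmp[0], icmp[1]
    if mtype != ICMPV6_REDIRECT:
        reasons.append("not a Redirect")
    if code != 0:
        reasons.append("ICMP code != 0")
    target = ipaddress.IPv6Address(icmp[8:24])
    dest = ipaddress.IPv6Address(icmp[24:40])
    if dest.is_multicast:
        reasons.append("destination address is multicast")
    if not (target.is_link_local or target == dest):
        reasons.append("target is neither link-local nor equal to destination")
    try:
        opts = parse_options(icmp[40:])
        rios = [parse_rio(b) for (t, b) in opts if t == OPT_ROUTE_INFORMATION]
    except ValueError as e:
        return False, reasons + [str(e)], []
    if rios and not allow_rio:
        # Policy: a Redirect may update the destination cache, never the routing table.
        reasons.append("RIO present in Redirect; not accepted by local policy")
    return (not reasons), reasons, rios


def build_sample_redirect(with_rio=True):
    """Constructed test vector (not a real capture): Redirect for 2001:db8::1
    via router fe80::1, optionally carrying an RIO for 2001:db8::/32."""
    msg = struct.pack("!BBHI", ICMPV6_REDIRECT, 0, 0, 0)   # checksum left 0 here
    msg += ipaddress.IPv6Address("fe80::1").packed          # target (a router)
    msg += ipaddress.IPv6Address("2001:db8::1").packed      # destination
    if with_rio:
        prefix8 = ipaddress.IPv6Address("2001:db8::").packed[:8]
        # type 24, length 2 (16 bytes), prefix len 32, Prf=High (0x08), lifetime 3600
        msg += struct.pack("!BBBBI", OPT_ROUTE_INFORMATION, 2, 32, 0x08, 3600) + prefix8
    return msg


if __name__ == "__main__":
    ok, why, rios = check_redirect(build_sample_redirect(), "fe80::1", 255)
    print(ok, why, rios)
```

With the default policy the sample Redirect is rejected solely because it carries an RIO, which is the behaviour a host should have when its link relies on RA-Guard for RA filtering; setting `allow_rio=True` accepts the same message, which is only reasonable on links where ND itself is secured (for instance with SEND), as the draft text quoted above requires.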
