Hi Dan,

I suspect that IKEv3 in its current form is susceptible to a very simple DoS attack.
Suppose we have Alice, Bob and Mallory. Alice wants to communicate with Bob;
Mallory wants to prevent her from doing so. To this end Mallory sends an INIT packet to Bob pretending to be Alice (this packet may carry a fake source IP or Alice's real one).
Bob's state machine moves to the Reception state and Bob replies
to what he thinks is Alice. This reply packet either goes nowhere
(if the IP is fake) or gets dropped by Alice according to the first bullet of 6.1.1.2.
Now Mallory has achieved his goal: until the TM event happens and
Bob's state machine returns to the Nothing state, Bob will
discard any INIT packet from the real Alice according to the second bullet of 6.1.1.2.
All Mallory needs to do is send such INIT packets infrequently, and
Alice will have almost no chance to communicate with Bob.

I think the root of this susceptibility is the draft's intention to have only one
instance of the IKEv3 protocol running between two peers, even before the
peer is authenticated or has at least confirmed her ability to
participate in IKEv3 (for example by a COOKIE exchange).

Another thing (among others that have already been mentioned by other people)
that I think decreases the protocol's usability is the lack of error notifications.
If something goes wrong (due to misconfiguration, etc.) the peers never
report the problem to each other, so the protocol will keep retransmitting for quite
a long time before any recovery action can be taken
(for example switching to another peer).

Regards,
Valery Smyslov.

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
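The exchange described in the message above, as an added example that is not part of Valery's message or of the IKEv3 draft: a small simulation of the responder state machine as the message reads it (Nothing, Reception, the TM event, the two bullets of 6.1.1.2) with Mallory forging INIT packets from Alice's address, beside the same state machine placed behind the stateless COOKIE exchange the message suggests. The TM value, the packet layout, the SPI that replies echo, and the HMAC cookie construction are assumptions of this example, not taken from the draft.

```python
"""Simulation of the DoS the post describes against the IKEv3 draft responder
state machine, and of the stateless cookie exchange the post suggests.
Added example: TM value, packet layout, SPI and cookie are assumptions."""
import hashlib
import hmac
import os
from dataclasses import dataclass

TM = 10  # assumed TM timer period, in ticks (not the draft's value)

@dataclass
class Packet:
    kind: str            # "INIT", "COOKIE" or "INIT_RESPONSE"
    src: str             # claimed source address; Mallory forges it
    spi: bytes = b""     # initiator's exchange id, echoed in replies (assumed)
    cookie: bytes = b""  # used only by CookieResponder

class Initiator:
    """Alice: a reply matching no outstanding INIT is dropped (6.1.1.2, 1st bullet)."""
    def __init__(self, addr):
        self.addr, self.spi, self.established = addr, None, False
    def init(self):
        self.spi = os.urandom(8)  # fresh exchange id for a new INIT
        return self.retransmit()
    def retransmit(self):
        return Packet("INIT", self.addr, self.spi)
    def receive(self, pkt):
        if self.spi is None or pkt.spi != self.spi:
            return None, "DROPPED"
        if pkt.kind == "COOKIE":  # stateless challenge: resend INIT with the cookie
            return Packet("INIT", self.addr, self.spi, pkt.cookie), "COOKIE_ECHOED"
        if pkt.kind == "INIT_RESPONSE":
            self.spi, self.established = None, True
            return None, "ESTABLISHED"
        return None, "IGNORED"

class DraftResponder:
    """Bob as the post reads the draft: one instance per peer address, Nothing ->
    Reception on the first INIT, later INITs from that address discarded
    (6.1.1.2, 2nd bullet) until the TM event returns the machine to Nothing."""
    def __init__(self):
        self.reception_until = {}  # peer address -> tick at which TM fires
    def receive(self, pkt, now):
        if pkt.kind != "INIT":
            return None, "IGNORED"
        expiry = self.reception_until.get(pkt.src)
        if expiry is not None and now < expiry:
            return None, "DISCARDED"
        self.reception_until[pkt.src] = now + TM  # Nothing -> Reception
        return Packet("INIT_RESPONSE", "bob", pkt.spi), "REPLIED"

class CookieResponder(DraftResponder):
    """Same machine behind a stateless cookie exchange: an INIT without a valid
    cookie gets a challenge and creates no state, so a forged INIT cannot
    occupy Alice's slot.  The HMAC cookie construction is an assumption."""
    def __init__(self):
        super().__init__()
        self.secret = os.urandom(16)
    def cookie_for(self, addr):
        return hmac.new(self.secret, addr.encode(), hashlib.sha256).digest()[:8]
    def receive(self, pkt, now):
        if pkt.kind == "INIT" and not hmac.compare_digest(pkt.cookie, self.cookie_for(pkt.src)):
            return Packet("COOKIE", "bob", pkt.spi, self.cookie_for(pkt.src)), "CHALLENGED"
        return super().receive(pkt, now)

def run_attack(responder_cls, mallory_every=TM // 2, alice_start=1, ticks=5 * TM):
    """Mallory forges an INIT with Alice's address every mallory_every ticks (None:
    no attack); Alice sends INIT at alice_start and retransmits every TM ticks
    while unanswered.  Returns (alice_established, event_log)."""
    bob, alice, log = responder_cls(), Initiator("alice"), []

    def to_bob(pkt, who, t):
        reply, outcome = bob.receive(pkt, t)
        log.append((t, who, outcome))
        if reply is not None:
            to_alice(reply, t)  # real or forged, Bob's reply goes to Alice's address

    def to_alice(pkt, t):
        reply, outcome = alice.receive(pkt)
        log.append((t, "alice", outcome))
        if reply is not None:
            to_bob(reply, "alice", t)

    for t in range(ticks):
        if mallory_every and t % mallory_every == 0:
            to_bob(Packet("INIT", "alice", os.urandom(8)), "mallory", t)
        if t == alice_start:
            to_bob(alice.init(), "alice", t)
        elif t > alice_start and (t - alice_start) % TM == 0 and alice.spi is not None:
            to_bob(alice.retransmit(), "alice", t)
        if alice.established:
            break
    return alice.established, log

if __name__ == "__main__":
    for cls in (DraftResponder, CookieResponder):
        print(cls.__name__, run_attack(cls))
```

With `DraftResponder`, Mallory's forged INIT at tick 0 puts Bob into Reception for Alice's address, Bob's reply is dropped by Alice because it matches no INIT of hers, and every INIT and retransmission Alice sends afterwards is discarded; Mallory only has to send another forged INIT each time the TM event fires. With `CookieResponder` the forged INIT is answered with a challenge that nobody echoes, no state is created, and Alice's own INIT completes after one round trip of cookie exchange.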
