> On 16 Jan 2016, at 7:17 AM, HU, Jun (Jun) <[email protected]> wrote:
>
>
>
>> -----Original Message-----
>> From: IPsec [mailto:[email protected]] On Behalf Of EXT Yoav Nir
>> Sent: Friday, January 15, 2016 8:15 PM
>> To: Valery Smyslov
>> Cc: [email protected]; Paul Wouters; Scott Fluhrer (sfluhrer)
>> Subject: Re: [IPsec] SLOTH & IKEv2
>>
>>
>>> On 15 Jan 2016, at 10:32 PM, Valery Smyslov <[email protected]> wrote:
>>>
>>>
>>>>> What about the responder - he doesn't see any cookie in this attack
>>>>> - the attacker sends the crafted cookie only to the initiator and
>>>>> sends a crafted IKE_SA_INIT message w/o cookie to the responder (as
>>>>> far as I understand the attack).
>>>>
>>>> There is a cookie. See Figure 12 in Paul’s blog post:
>>>> https://securityblog.redhat.com/2016/01/13/the-sloth-attack-and-ikeipsec/
>>>
>>> Ah, you are right. I missed that in a quick read.
>>>
>>> After a second read it seems to me that there is one more obstacle to
>>> that attack in the real world.
>>> It seems that the attacker appends the original initiator's SAi, KEi, Ni
>>> payloads to its message sent to the responder (as info'). So, this message
>>> would contain two SA payloads, two KE payloads etc. I believe the
>>> responder must return INVALID_SYNTAX in this case.
>>
>> IIUC there are no two SA payloads and two KE payloads. All of those are
>> part of the “cookie” sent to the real Responder. That is why it’s so
>> large.
>
> [HJ] according to this
> figure (https://securityblog.redhat.com/wp-content/uploads/2016/01/sloth-ike-2.png):
> The IKE_INIT request (m1') sent to the real responder contains infoi' at the end,
> which equals SAi|g^x|Ni|infoi, so the actual
> m1' = HDR|C2|SAi'|g^x'|ni|SAi|g^x|ni|infoi; thus two SA, two KE, two Ni
> payloads; C2 is the cookie payload in m1', it doesn't contain any payload,
> while the cookie payload in m1 (IKE_INIT request from the real initiator) does
> contain C1|SAi'|g^x'|ni
OK, but if those extra payloads are disguised as some notification (there is no payload actually called “info”), then responders do tend to ignore notifications they don’t recognize.

Yoav

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
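The disagreement in the thread is about what the real responder sees in the payload chain of m1': bare duplicate SA/KE/Ni payloads (which a conforming responder rejects with INVALID_SYNTAX) versus the same bytes carried inside a Notify payload whose type the responder does not recognize (which RFC 7296 says it must ignore). The following is an added example, not code from the thread, from the blog post, or from any IKE implementation. It builds both shapes of m1' with the generic payload header and Notify payload layout of RFC 7296 (payload types SA=33, KE=34, Nonce=40, Notify=41; COOKIE notify type 16390) and walks them with a minimal responder-side check. The payload bodies (SAi, g^x, Ni, infoi and the attacker's SAi', g^x', ni, C2) are constructed placeholder strings, the private-use status notify type 40960 is a choice for this example, and the function names are mine.

```python
"""IKEv2 IKE_SA_INIT payload-chain check: duplicate SA/KE/Ni payloads versus
the same data hidden in an unrecognized Notify payload.  Added example, not
code from the thread; payload bodies are constructed placeholders."""
import struct

# Payload types (RFC 7296, section 3.2) and Notify message types (section 3.10.1)
PT_NONE, PT_SA, PT_KE, PT_NONCE, PT_NOTIFY = 0, 33, 34, 40, 41
N_UNSUPPORTED_CRITICAL_PAYLOAD, N_INVALID_SYNTAX, N_COOKIE = 1, 7, 16390
N_PRIVATE_STATUS = 40960      # private-use status type; chosen for this example
EXCH_IKE_SA_INIT, FLAG_INITIATOR, IKE_VERSION = 34, 0x08, 0x20
HDR_FMT, HDR_LEN = "!8s8sBBBBII", 28

# Constructed placeholders for the payload bodies in the figure (not parsed here).
SAI, GX, NI, INFOI = b"SAi-original", b"g^x-original", b"Ni-original", b"infoi"
SAI2, GX2, NI2 = b"SAi'-attacker", b"g^x'-attacker", b"ni-attacker"
C2 = b"C2-cookie"


def notify_body(ntype, data):
    """Notify payload body: protocol ID 0, SPI size 0, notify type, data."""
    return struct.pack("!BBH", 0, 0, ntype) + data


def build_request(chain):
    """chain: [(payload_type, body, critical_bit)] -> complete IKE_SA_INIT request.
    Each generic payload header is: next payload, C|RESERVED, total length."""
    out = b""
    for i, (ptype, body, crit) in enumerate(chain):
        nxt = chain[i + 1][0] if i + 1 < len(chain) else PT_NONE
        out += struct.pack("!BBH", nxt, 0x80 if crit else 0, 4 + len(body)) + body
    hdr = struct.pack(HDR_FMT, b"\x11" * 8, b"\x00" * 8, chain[0][0], IKE_VERSION,
                      EXCH_IKE_SA_INIT, FLAG_INITIATOR, 0, HDR_LEN + len(out))
    return hdr + out


def m1_duplicate_payloads():
    """m1' read literally: HDR|C2|SAi'|g^x'|ni|SAi|g^x|Ni|infoi as bare payloads
    (infoi modelled as a private-use status notify)."""
    return build_request([
        (PT_NOTIFY, notify_body(N_COOKIE, C2), False),
        (PT_SA, SAI2, False), (PT_KE, GX2, False), (PT_NONCE, NI2, False),
        (PT_SA, SAI, False), (PT_KE, GX, False), (PT_NONCE, NI, False),
        (PT_NOTIFY, notify_body(N_PRIVATE_STATUS, INFOI), False),
    ])


def m1_hidden_in_notify():
    """Same bytes, but SAi|g^x|Ni|infoi carried as the data of one unrecognized
    status Notify, so the chain holds a single SA, KE and Nonce payload."""
    return build_request([
        (PT_NOTIFY, notify_body(N_COOKIE, C2), False),
        (PT_SA, SAI2, False), (PT_KE, GX2, False), (PT_NONCE, NI2, False),
        (PT_NOTIFY, notify_body(N_PRIVATE_STATUS, SAI + GX + NI + INFOI), False),
    ])


def responder_check(msg):
    """Walk the payload chain the way a responder does and return the error
    notify type it would answer with, or None if the request is accepted.
    Unrecognized Notify types are ignored (RFC 7296, section 3.10.1); unknown
    payload types are skipped unless their critical bit is set."""
    if len(msg) < HDR_LEN:
        return N_INVALID_SYNTAX
    _, _, nxt, ver, exch, _, _, length = struct.unpack(HDR_FMT, msg[:HDR_LEN])
    if ver != IKE_VERSION or exch != EXCH_IKE_SA_INIT or length != len(msg):
        return N_INVALID_SYNTAX
    seen, off = {}, HDR_LEN
    while nxt != PT_NONE:
        if off + 4 > len(msg):
            return N_INVALID_SYNTAX
        nnext, cflag, plen = struct.unpack("!BBH", msg[off:off + 4])
        if plen < 4 or off + plen > len(msg):
            return N_INVALID_SYNTAX
        body = msg[off + 4:off + plen]
        if nxt in (PT_SA, PT_KE, PT_NONCE):
            if nxt in seen:
                return N_INVALID_SYNTAX          # second SA/KE/Ni payload
            seen[nxt] = body
        elif nxt == PT_NOTIFY:
            if len(body) < 4:
                return N_INVALID_SYNTAX
            _, spi_size, ntype = struct.unpack("!BBH", body[:4])
            if ntype == N_COOKIE:
                seen[N_COOKIE] = body[4 + spi_size:]
            # any other notify type: unrecognized, so logged and ignored
        elif cflag & 0x80:
            return N_UNSUPPORTED_CRITICAL_PAYLOAD
        off, nxt = off + plen, nnext
    if any(p not in seen for p in (PT_SA, PT_KE, PT_NONCE)):
        return N_INVALID_SYNTAX
    return None


if __name__ == "__main__":
    for name, m in (("duplicate payloads", m1_duplicate_payloads()),
                    ("hidden in Notify", m1_hidden_in_notify())):
        print(f"{name}: {len(m)} bytes -> responder answers {responder_check(m)}")
```

The first shape trips the duplicate check at the second SA payload and gets INVALID_SYNTAX (7), which is the obstacle Valery describes. The second shape is accepted: the responder sees one SA, one KE and one Nonce, skips the private-use Notify it does not recognize, and the appended SAi|g^x|Ni|infoi bytes still travel to it unchanged inside that Notify, which is the point Yoav makes. Whether a given implementation is this lenient is an implementation detail; the check here is only a model of what RFC 7296 requires.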
