> On 6 Mar 2016, at 5:28 PM, Graham Bartlett (grbartle) <[email protected]> wrote:
>
> Hi
>
> The only case I could imagine that this could occur is if the Initiator's
> Nonce and KE were purposely made very small and the Initiator did not
> perform any validation on this, sending its own reply where the KE and
> Nonce were considerably larger.
>
> I've seen an amplification attack, where an implementation (as a
> responder) would reply to a SA_INIT. If the responder did not receive a
> reply to its SA_INIT it would re-transmit either 3 or 5 times (can't
> remember exactly). (This seemed to not conform to 2.1 retransmission
> timers.)
It doesn't conform. I think this was more common in IKEv1, but I'm not sure why. Maybe because of the need to store a larger state for Main Mode. In IKEv2 a Responder should only reply once, but store the reply for retransmission in case the request is received again.

IMHO even in that case this is not an interesting attack. We should be worried about amplification attacks where little traffic causes a lot of traffic, not a case where I send a 200-byte packet which results in a 250-byte packet, and not even 5 250-byte packets. Sending a request and directing a server to send an entire movie in 4K quality using RTP is an interesting amplification attack. Using a 10-Mbps uplink to generate 12 Mbps of traffic is not.

Yoav
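The two responder behaviours discussed above, and the size check on the Initiator's KE and Nonce that Graham mentions, worked through as an added example (not code from the thread or from any IKE implementation). The KE data lengths for DH groups 2, 14 and 19 and the 16..256 octet nonce bounds come from RFC 7296 and the group RFCs it references; the table, function names, default resend count and sample sizes are this example's own assumptions.

```python
# Added example, not from the thread: estimate the bandwidth amplification
# factor (BAF) of an IKE_SA_INIT exchange for a conformant responder (reply
# once, cache the reply) versus one that re-sends on its own, and show the
# responder-side sanity check on the initiator's KE/nonce sizes.

KE_DATA_LEN = {2: 128, 14: 256, 19: 64}   # octets of KE data per DH group
NONCE_MIN, NONCE_MAX = 16, 256            # RFC 7296 section 3.9


def responder_bytes_out(reply_len, conformant, resend_total=5):
    """Octets a responder emits for one IKE_SA_INIT request.

    conformant: reply once; the stored reply is only re-sent when the same
    request arrives again, so every extra reply costs the sender another
    request. Otherwise the responder re-sends unprompted, resend_total
    copies in all (the 3-or-5 behaviour described in the thread)."""
    return reply_len if conformant else reply_len * resend_total


def amplification_factor(request_len, reply_len, conformant=True, resend_total=5):
    """Bytes out of the responder divided by bytes it had to receive."""
    if request_len <= 0:
        raise ValueError("request length must be positive")
    return responder_bytes_out(reply_len, conformant, resend_total) / request_len


def victim_rate_mbps(uplink_mbps, baf):
    """Traffic a sender with the given uplink can direct at a victim."""
    return uplink_mbps * baf


def check_init_sizes(dh_group, ke_len, nonce_len):
    """Responder-side check on the initiator's KE and nonce sizes.

    Returns None when acceptable, else a reason string. A mis-sized KE can
    never produce a valid shared secret, so rejecting it before building
    the reply also denies a deliberately tiny request a full-size answer."""
    expected = KE_DATA_LEN.get(dh_group)
    if expected is None:
        return f"unsupported DH group {dh_group}"
    if ke_len != expected:
        return f"KE data is {ke_len} octets, group {dh_group} needs {expected}"
    if not NONCE_MIN <= nonce_len <= NONCE_MAX:
        return f"nonce is {nonce_len} octets, must be {NONCE_MIN}..{NONCE_MAX}"
    return None


if __name__ == "__main__":
    print(amplification_factor(200, 250))                    # 1.25
    print(amplification_factor(200, 250, conformant=False))  # 6.25
    print(check_init_sizes(14, 8, 4))   # constructed undersized request
```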
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
