Hi Iljitsch,

You have a point when you say that if a malicious router could toggle some bits, it could as well drop the packet.

However, there is one small part you miss. In the above case the router can only affect traffic going through it. It could be an attack if, by toggling bits on the flows through a router, the router could actually affect flows not going through the router. If it could bump up the priority (in the simplest terms) of the packets going through it, it could affect the flows of packets on other routers, as the packets needing the highest priority would considerably increase. It's an issue, but of slightly lesser priority.

Thanks,
Vishwas

On Feb 1, 2008 7:19 AM, Iljitsch van Beijnum <[EMAIL PROTECTED]> wrote:
> On 1 feb 2008, at 16:12, Rahim Choudhary wrote:
>
> > Now if the change is in the mutable fields (DSCP, TTL) then no
> > IPSec measure seems to be able to detect that. This could be a
> > vulnerability that either causes the packets to drop on the way (TTL
> > manipulation) or assigns them to the wrong class (DSCP manipulation).
>
> Who cares?
>
> If an attacker can flip your bits she can also flip the most
> significant bit in the destination address and you'll never receive
> that packet. The only thing a cryptographic hash over the header would
> give you there is the ability to drop the packet even sooner.
>
> And how exactly are you going to have a HMAC or some such over header
> fields? That requires having secret keying material in EVERY ROUTER
> ALONG THE PATH.
>
> Can we please stop this discussion?

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: http://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
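The thread turns on why an IPsec integrity check cannot see a changed DSCP or hop limit but would catch a flipped destination bit. The following is an added illustration, not code from any participant in the thread: a simplified Python model of an AH-style integrity check over the IPv6 fixed header, in which the fields RFC 4302 classifies as mutable (Traffic Class, i.e. DSCP and ECN, Flow Label, and Hop Limit) are zeroed before the keyed hash is computed. The shared key, the addresses, the use of HMAC-SHA256 and the omission of the AH header, SPI, sequence number and extension headers are all assumptions made for the example; real AH covers considerably more than this.

```python
import hmac
import hashlib
import struct
import ipaddress

# Constructed shared key for the example only; a real AH security association
# would obtain keying material through IKE (assumption, not real material).
KEY = b"example-shared-key-not-real"

HDR_FMT = "!IHBB16s16s"  # 40-byte IPv6 fixed header


def build_ipv6_header(src, dst, traffic_class=0, flow_label=0,
                      payload_len=0, next_header=59, hop_limit=64):
    """Return a 40-byte IPv6 fixed header (next_header 59 = No Next Header)."""
    first_word = (6 << 28) | (traffic_class << 20) | flow_label
    return struct.pack(HDR_FMT, first_word, payload_len, next_header, hop_limit,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed)


def zero_mutable_fields(hdr):
    """Zero the fields AH treats as mutable in the IPv6 base header
    (RFC 4302 Appendix A2): Traffic Class, Flow Label and Hop Limit.
    Version, Payload Length, Next Header and both addresses are kept."""
    first_word, payload_len, next_header, _hop, src, dst = struct.unpack(HDR_FMT, hdr)
    first_word &= 0xF0000000  # keep only the Version nibble
    return struct.pack(HDR_FMT, first_word, payload_len, next_header, 0, src, dst)


def ah_style_icv(hdr, payload=b""):
    """Simplified integrity check value: HMAC over the masked header and payload."""
    return hmac.new(KEY, zero_mutable_fields(hdr) + payload, hashlib.sha256).digest()


def verify(hdr, payload, icv):
    """Return True if the received header/payload still match the ICV."""
    return hmac.compare_digest(ah_style_icv(hdr, payload), icv)


# Helpers modelling what an on-path router could change.
def set_traffic_class(hdr, tc):
    """Rewrite the 8-bit Traffic Class (DSCP + ECN), leaving Version and Flow Label intact."""
    first_word, *rest = struct.unpack(HDR_FMT, hdr)
    first_word = (first_word & 0xF00FFFFF) | ((tc & 0xFF) << 20)
    return struct.pack(HDR_FMT, first_word, *rest)


def set_hop_limit(hdr, hop_limit):
    """Rewrite the Hop Limit field (the IPv6 counterpart of TTL)."""
    first_word, payload_len, next_header, _hop, src, dst = struct.unpack(HDR_FMT, hdr)
    return struct.pack(HDR_FMT, first_word, payload_len, next_header, hop_limit, src, dst)


def flip_dst_msb(hdr):
    """Flip the most significant bit of the destination address."""
    first_word, payload_len, next_header, hop_limit, src, dst = struct.unpack(HDR_FMT, hdr)
    dst = bytes([dst[0] ^ 0x80]) + dst[1:]
    return struct.pack(HDR_FMT, first_word, payload_len, next_header, hop_limit, src, dst)


def demo():
    """Return which modifications the check detects (True) or misses (False)."""
    payload = b"constructed payload"
    hdr = build_ipv6_header("2001:db8::1", "2001:db8::2", traffic_class=0, hop_limit=64)
    icv = ah_style_icv(hdr, payload)
    return {
        "unchanged": not verify(hdr, payload, icv),
        "dscp_remarked_to_ef": not verify(set_traffic_class(hdr, 46 << 2), payload, icv),
        "hop_limit_decremented": not verify(set_hop_limit(hdr, 63), payload, icv),
        "dst_msb_flipped": not verify(flip_dst_msb(hdr), payload, icv),
        "payload_tampered": not verify(hdr, payload + b"x", icv),
    }


if __name__ == "__main__":
    for change, detected in demo().items():
        print(f"{change:24s} detected={detected}")
```

Running `demo()` shows the asymmetry the thread describes: remarking DSCP to EF or decrementing the hop limit leaves the ICV valid, because those fields are masked out precisely so that legitimate forwarding does not break the check, while flipping the destination's top bit or touching the payload fails verification. Covering the mutable fields would require every forwarding hop to share the key, which is the objection raised above.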
