Dino,

I don't understand your response. So, I will ask the question another way.

Imagine a scenario in which a victim XTR and an attacker are attached to the 
global Internet. The attacker is neither an XTR nor contained by a LISP site.

The attacker sends a flow of crafted packets to the victim XTR. Each packet is 
a well-formed LISP data packet. It contains:

- an outer IP header (LOC->LOC)
- a UDP header
- a LISP Header
- an IP header (EID->EID)
- payload

Each packet contains control plane information that is new to the victim XTR. 
For example, the victim XTR has no mapping information regarding either the 
source LOC or source EID prefix. Rather than gleaning this mapping information 
from the crafted packet, the victim XTR sends a verifying MAP-REQUEST to the 
mapping system.

Assume that the attack flow is large (N packets per second). Assume also that 
the XTR's rate limit for MAP-REQUEST messages is less than N packets per second. 
Has the attack not effectively DoS'd the victim XTR?

To make this attack work, every packet in the attack flow may need to have a 
unique, spoofed, source LOC.

                                        Ron



> > The attacker can launch a DoS attack against an XTR's control plane by
> > sending a barrage of crafted packets to the victim XTR. Each crafted packet
> > causes the victim XTR to send a verifying MAP-REQUEST to the mapping
> > system.  The attack stream may be so large that it causes the victim XTR to
> > exceed the rate limit for MAP-REQUEST messages.
> 
> You can trust sources less if they ARE NOT in the mapping database. That is, if
> you are a LISP site, you have more tools to verify trust.
> 
> Dino
> 
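The following is an added toy model of the scenario Ron describes; it is not code from the thread, from LISP implementations, or from either poster. It models an XTR that never gleans mappings from data packets but sends a verifying MAP-REQUEST for every packet whose source RLOC is unknown, behind a rate limit on outgoing MAP-REQUESTs. The limiter, the traffic schedule, the RLOC names and the packet rates are all constructed. Run with one global limiter it reproduces the starvation Ron asks about: when the spoofed flow (N per second, a fresh source LOC per packet) exceeds the MAP-REQUEST rate, the budget is spent within the first fraction of every second and most first packets from genuine new sites are dropped unverified. Run with a hypothetical per-source-RLOC limiter instead, it shows why Ron notes that each attack packet needs a unique spoofed source LOC: the limiter then bounds nothing, and every attack packet is turned into a MAP-REQUEST towards the mapping system, so any real defence has to rest on something other than the source RLOC.

```python
"""Toy model of the MAP-REQUEST rate-limit starvation discussed in the thread.

Constructed example (not from the original mailing-list post): an XTR that does
not glean mappings from data packets, but instead sends a verifying MAP-REQUEST
for every packet whose source RLOC is unknown, subject to a rate limit on
outgoing MAP-REQUESTs. Limiter, schedule and rates are all made up.
"""
from collections import namedtuple

# time: arrival time in seconds; src_rloc: outer source locator;
# legit: True for the first packet of a genuine remote LISP site.
Packet = namedtuple("Packet", ["time", "src_rloc", "legit"])


class FixedWindowLimiter:
    """Allow at most `rate` MAP-REQUESTs per one-second window (hypothetical)."""

    def __init__(self, rate):
        self.rate = rate
        self.window = None
        self.count = 0

    def allow(self, now):
        window = int(now)
        if window != self.window:          # new second: reset the budget
            self.window, self.count = window, 0
        if self.count < self.rate:
            self.count += 1
            return True
        return False


def build_scenario(attack_pps=1000, seconds=10, legit_sites=200):
    """Attack flow at N = attack_pps with a unique spoofed RLOC per packet,
    plus one first packet from each of `legit_sites` genuine remote sites,
    spread evenly over the run. All values are constructed."""
    packets = [Packet(i / attack_pps, f"spoofed-{i}", False)
               for i in range(attack_pps * seconds)]
    step = seconds / legit_sites
    # small offset keeps legit arrivals off the attack packets' millisecond grid
    packets += [Packet(0.0137 + k * step, f"site-{k}", True)
                for k in range(legit_sites)]
    packets.sort(key=lambda p: p.time)
    return packets


def run_xtr(packets, rate, per_source=False):
    """Return how many legitimate sites were verified and how many
    MAP-REQUESTs the attack flow forced out of the XTR.

    per_source=False: one global MAP-REQUEST limiter, as in the thread.
    per_source=True:  a separate limiter per source RLOC (hypothetical)."""
    global_limiter = FixedWindowLimiter(rate)
    per_source_limiters = {}
    map_cache = set()          # RLOCs already verified via MAP-REPLY
    stats = {"legit_total": 0, "legit_verified": 0, "attack_map_requests": 0}
    for pkt in packets:
        if pkt.legit:
            stats["legit_total"] += 1
        if pkt.src_rloc in map_cache:
            continue           # verified earlier; forward without a MAP-REQUEST
        limiter = (per_source_limiters.setdefault(pkt.src_rloc, FixedWindowLimiter(rate))
                   if per_source else global_limiter)
        if not limiter.allow(pkt.time):
            continue           # MAP-REQUEST suppressed: packet dropped, nothing gleaned
        # One MAP-REQUEST is spent either way; only a genuine site gets a
        # usable mapping back and enters the cache.
        if pkt.legit:
            map_cache.add(pkt.src_rloc)
            stats["legit_verified"] += 1
        else:
            stats["attack_map_requests"] += 1
    return stats


if __name__ == "__main__":
    scenario = build_scenario()
    print("global limiter:    ", run_xtr(scenario, rate=100))
    print("per-source limiter:", run_xtr(scenario, rate=100, per_source=True))
```

With the constructed defaults (N = 1000 attack packets/s, a limit of 100 MAP-REQUESTs/s), the global limiter admits only those genuine first packets that arrive in the first tenth of each second, before the spoofed flow has drained the budget, so 20 of 200 new sites get verified. Dropping the attack rate below the limit (for example `build_scenario(attack_pps=50)`) lets every site through, which is exactly the "rate limit less than N" condition in the question.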

_______________________________________________
lisp mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lisp