Hi Dino,
Given that the LISP data packet or ICMP packet may be from an attacker, is it
even safe to glean that? I think not.
Ron
> -----Original Message-----
> From: Dino Farinacci [mailto:[email protected]]
> Sent: Tuesday, June 10, 2014 1:04 PM
> To: Ronald Bonica
> Cc: LISP mailing list list
> Subject: Re: [lisp] Restarting last call on LISP threats
>
>
> On Jun 10, 2014, at 9:57 AM, Ronald Bonica <[email protected]> wrote:
>
> > Earlier in this thread, we agreed that when LISP is deployed on the global
> > Internet, mapping information cannot be gleaned safely from incoming LISP
> > data packets. Following that train of thought, when LISP is deployed on the
> > global Internet, is it safe to glean routing locator reachability information
> > from incoming LISP data packets as described in RFC 6830, Section 6.3, bullet
> > 1? If not, I think that we need to mention this in the threats document.
>
> What you can glean is that the source RLOC is up, but you cannot glean your
> path to it is reachable.
>
> > Given that ICMP packets are easily spoofed, when LISP is deployed on the
> > global Internet, is it safe to glean routing locator reachability information
> > from incoming ICMP packets as described in RFC 6830, Section 6.3, bullet 2
> > and bullet 4? If not, I think that we need to mention this in the threats
> > document.
>
> What you can glean is that the source RLOC is up, but you cannot glean your
> path to it is reachable.
>
> Dino
>
_______________________________________________
lisp mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lisp