On Jun 10, 2014, at 10:17 AM, Joel M. Halpern <[email protected]> wrote:
> I think that the threat scopes for the two cases are different. Gleaning new
> RLOCs is clearly a significant risk.
> Gleaning the liveness of an RLOC from the fact that it appears to be talking
> to you is a much lower risk. With a much higher benefit. I have no problem
> with noting that there is a risk, albeit somewhat complex. But it should not
> be viewed in the same manner. (All security is a matter of costs and
> benefits.)

And to add one more bit of detail here, gleaning the liveness of an RLOC whose status bit has changed can be (and is in our IOS implementation) verified by a rate-limited RLOC Probe.

-Darrel

> Yours,
> Joel
>
> On 6/10/14, 1:06 PM, Ronald Bonica wrote:
>> Hi Dino,
>>
>> Given that the LISP data packet or ICMP packet may be from an attacker, is
>> it even safe to glean that? I think not.
>>
>> Ron
>>
>>> -----Original Message-----
>>> From: Dino Farinacci [mailto:[email protected]]
>>> Sent: Tuesday, June 10, 2014 1:04 PM
>>> To: Ronald Bonica
>>> Cc: LISP mailing list list
>>> Subject: Re: [lisp] Restarting last call on LISP threats
>>>
>>> On Jun 10, 2014, at 9:57 AM, Ronald Bonica <[email protected]> wrote:
>>>
>>>> Earlier in this thread, we agreed that when LISP is deployed on the global
>>>> Internet, mapping information cannot be gleaned safely from incoming LISP
>>>> data packets. Following that train of thought, when LISP is deployed on the
>>>> global Internet, is it safe to glean routing locator reachability information
>>>> from incoming LISP data packets as described in RFC 6830, Section 6.3, bullet
>>>> 1. If not, I think that we need to mention this in the threats document.
>>>
>>> What you can glean is that the source RLOC is up, but you cannot glean your
>>> path to it is reachable.
>>>
>>>> Given that ICMP packets are easily spoofed, when LISP is deployed on the
>>>> global Internet, is it safe to glean routing locator reachability information
>>>> from incoming ICMP packets as described in RFC 6830, Section 6.3, bullet 2
>>>> and bullet 4. If not, I think that we need to mention this in the threats
>>>> document.
>>>
>>> What you can glean is that the source RLOC is up, but you cannot glean your
>>> path to it is reachable.
>>>
>>> Dino
>>>
>> _______________________________________________
>> lisp mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/lisp
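An added illustration, not code from the thread, from RFC 6830 or from any IOS implementation: a simplified xTR map-cache in Python that follows the position above, treating a changed Locator-Status-Bit or an ICMP unreachable as a trigger for a rate-limited RLOC Probe rather than as a state change, accepting probe results only for probes it actually sent, and never learning an RLOC from a data packet. The EID prefix, RLOC addresses, the 10-second probe interval and the injected clock are constructed for the example.

```python
from dataclasses import dataclass
PROBE_MIN_INTERVAL = 10.0  # seconds between probes of one RLOC (constructed rate limit)

@dataclass
class Locator:
    rloc: str
    status_bit: int = 1            # last status bit confirmed by an RLOC Probe
    path_reachable: bool = False   # changed only by a probe result, never gleaned
    last_probe: float = float("-inf")

class MapCache:
    def __init__(self, clock):     # clock: callable returning seconds (injected for tests)
        self.clock, self.locators, self.outstanding = clock, {}, set()

    def install(self, eid, rlocs):
        # The mapping system is the only source of RLOCs; data packets never add one.
        self.locators[eid] = [Locator(r) for r in rlocs]

    def find(self, eid, rloc):
        return next((l for l in self.locators.get(eid, []) if l.rloc == rloc), None)

    def probe(self, eid, loc):
        now = self.clock()
        if now - loc.last_probe < PROBE_MIN_INTERVAL:
            return "probe-suppressed"   # rate limit: spoofed packets cannot drive a probe flood
        loc.last_probe = now
        self.outstanding.add((eid, loc.rloc))
        return "probe-sent"

    def on_data_packet(self, eid, src_rloc, lsb):
        # Incoming LISP data packet; the source and its status bits may be spoofed.
        if self.find(eid, src_rloc) is None:
            return ["ignored-unknown-rloc"]
        actions = [self.probe(eid, loc) for i, loc in enumerate(self.locators[eid])
                   if ((lsb >> i) & 1) != loc.status_bit]   # changed bit: verify, don't apply
        return actions or ["no-change"]

    def on_icmp_unreachable(self, eid, rloc):
        # ICMP is easily spoofed: never mark the RLOC down from it, probe it instead.
        loc = self.find(eid, rloc)
        return self.probe(eid, loc) if loc else "ignored-unknown-rloc"

    def on_probe_result(self, eid, rloc, replied):
        # Reachability changes only here, and only for a probe this cache sent.
        if (eid, rloc) not in self.outstanding:
            return "ignored-unsolicited"
        self.outstanding.discard((eid, rloc))
        loc = self.find(eid, rloc)
        loc.path_reachable, loc.status_bit = replied, int(replied)
        return "reachable" if replied else "unreachable"
```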
