Hi Darrel,

Does IOS implement a single RLOC Probe rate limiter (i.e. one rate limiter per 
box)? Or does it implement one rate limiter per RLOC?

                                                                     Ron


> -----Original Message-----
> From: Darrel Lewis (darlewis) [mailto:[email protected]]
> Sent: Wednesday, June 11, 2014 6:29 PM
> To: Joel M. Halpern
> Cc: Darrel Lewis (darlewis); Ronald Bonica; Dino Farinacci; LISP mailing list 
> list
> Subject: Re: [lisp] Restarting last call on LISP threats
> 
> 
> On Jun 10, 2014, at 10:17 AM, Joel M. Halpern <[email protected]>
> wrote:
> 
> > I think that the threat scopes for the two cases are different.  Gleaning new
> RLOCs is clearly a significant risk.
> > Gleaning the liveness of an RLOC from the fact that it appears to be
> > talking to you is a much lower risk.  With a much higher benefit.  I
> > have no problem with noting that there is a risk, albeit somewhat
> > complex.  But it should not be viewed in the same manner.  (All
> > security is a matter of costs and benefits.)
> 
> And to add one more bit of detail here, gleaning the liveness of an RLOC
> whose status bit has changed can be (and is in our IOS implementation)
> verified by a rate-limited RLOC Probe.
> 
> -Darrel
> 
> >
> > Yours,
> > Joel
> >
> > On 6/10/14, 1:06 PM, Ronald Bonica wrote:
> >> Hi Dino,
> >>
> >> Given that the LISP data packet or ICMP packet may be from an attacker,
> is it even safe to glean that? I think not.
> >>
> >>
> >> Ron
> >>
> >>
> >>> -----Original Message-----
> >>> From: Dino Farinacci [mailto:[email protected]]
> >>> Sent: Tuesday, June 10, 2014 1:04 PM
> >>> To: Ronald Bonica
> >>> Cc: LISP mailing list list
> >>> Subject: Re: [lisp] Restarting last call on LISP threats
> >>>
> >>>
> >>> On Jun 10, 2014, at 9:57 AM, Ronald Bonica <[email protected]>
> wrote:
> >>>
> >>>> Earlier in this thread, we agreed that when LISP is deployed on the
> >>>> global
> >>> Internet, mapping information cannot be gleaned safely from incoming
> >>> LISP data packets. Following that train of thought, when LISP is
> >>> deployed on the global Internet, is it safe to glean routing locator
> >>> reachability information from incoming LISP data packets as
> >>> described in RFC 6830, Section 6.3, bullet 1. If not, I think that we 
> >>> need to
> mention this in the threats document.
> >>>
> >>> What you can glean is that the source RLOC is up, but you cannot
> >>> glean your path to it is reachable.
> >>>
> >>>> Given that ICMP packets are easily spoofed, when LISP is deployed
> >>>> on the
> >>> global Internet, is it safe to glean routing locator reachability
> >>> information from incoming ICMP packets as described in RFC 6830,
> >>> Section 6.3, bullet 2 and bullet 4. If not, I think that we need to
> >>> mention this in the threats document.
> >>>
> >>> What you can glean is that the source RLOC is up, but you cannot
> >>> glean your path to it is reachable.
> >>>
> >>> Dino
> >>>
> >>
> >> _______________________________________________
> >> lisp mailing list
> >> [email protected]
> >> https://www.ietf.org/mailman/listinfo/lisp
> >>
> >

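Ron's question above (one probe rate limiter per box, or one per RLOC) can be made concrete with a small model. The following is an added illustration and is not code from IOS or from anyone in the thread; the class names, the token-bucket parameters and the sample RLOC addresses are all constructed. It models what Darrel describes: a gleaned locator-status change does not update the mapping directly but is queued behind a rate-limited RLOC Probe, and it shows how the two limiter layouts behave when one RLOC address flaps far faster than the others.

```python
"""Constructed example: rate limiting RLOC Probes that verify gleaned
locator-status changes, with the limiter kept either per box or per RLOC.
Hypothetical names and parameters; not an implementation of any vendor."""


class TokenBucket:
    """Classic token bucket: `rate` tokens per second, at most `burst` stored."""

    def __init__(self, rate, burst, now):
        self.rate = rate
        self.burst = burst
        self.tokens = burst
        self.last = now

    def allow(self, now):
        # Refill in proportion to elapsed time, capped at the burst size,
        # then spend one token if one is available.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class ProbeScheduler:
    """Decides whether a gleaned status-bit change for `rloc` may trigger an
    RLOC Probe right now.  per_rloc=False models one limiter for the whole
    box; per_rloc=True models one limiter per RLOC address."""

    def __init__(self, per_rloc, rate=0.5, burst=2, now=0.0):
        self.per_rloc = per_rloc
        self.rate, self.burst = rate, burst
        self.buckets = {}
        self.now = now

    def _bucket(self, rloc):
        # A single shared key collapses every RLOC onto one bucket.
        key = rloc if self.per_rloc else "*"
        if key not in self.buckets:
            self.buckets[key] = TokenBucket(self.rate, self.burst, self.now)
        return self.buckets[key]

    def gleaned_status_change(self, rloc, now):
        """True if a probe is sent to verify the change; False if the change
        is held and the cached mapping is left untouched for now."""
        self.now = now
        return self._bucket(rloc).allow(now)


def simulate(per_rloc):
    """Constructed input: 20 status-bit flips attributed to 10.0.0.1 within
    one second (a flapping peer, or packets claiming to be from it), then a
    single change for 10.0.0.2 at t=1.0.  Returns
    (probes sent for 10.0.0.1, whether 10.0.0.2's change got a probe)."""
    sched = ProbeScheduler(per_rloc=per_rloc, rate=0.5, burst=2, now=0.0)
    noisy = sum(1 for t in range(20)
                if sched.gleaned_status_change("10.0.0.1", t / 20))
    quiet = sched.gleaned_status_change("10.0.0.2", 1.0)
    return noisy, quiet


if __name__ == "__main__":
    for layout in (False, True):
        sent, other = simulate(per_rloc=layout)
        print(f"per_rloc={layout}: probes for 10.0.0.1={sent}, "
              f"10.0.0.2 verified={other}")
```

With the box-wide bucket, the burst of changes for 10.0.0.1 drains the only budget there is, so the later, unrelated change for 10.0.0.2 is held until the bucket refills; with a bucket per RLOC the two addresses are isolated and 10.0.0.2 is probed immediately. The per-RLOC layout keeps each address's probe budget independent of how often other addresses appear to change, at the cost of one bucket of state per RLOC.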
