Hi Bill, How would you secure each ITR from bogus map replies which pretend to be from the authoritative nameserver?
It would be possible for an attacker to send a packet to host X, with source address B. The attacker wants the ITR which X uses to cache some bogus mapping information. The attacker reasonably assumes the ITR will now issue a map request to a nameserver which is authoritative for whatever /8 address B is in. While the request and genuine reply is in transit, the attacker sends a bogus packet, using the nameserver's address as the source. The ITR sees this as the authentic mapping information and caches the result. That mapping results in all packets for address B (and others in the same micronet?) being tunnelled to the attackers ITR. This affects packets from any host which relies on the ITR. So the real victim may be on nearby host Y, when they send packets to B. - Robin -- to unsubscribe send a message to [EMAIL PROTECTED] with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg
