
Re: swIPe comments



Phil (and everyone else),

It would be nice to see an (initially simple) taxonomy of denial-of-service
attacks -- beginning with your definition of "simple", and going on to ??
-- for inclusion in the draft Internet Security Architecture and to
otherwise organize security discussions in the IETF, etc.  The
classifications should be, like Phil's definition below, in terms of
Internet (infrastructure) resources needed by (and/or affected by) the
attack.

Any contributions gratefully accepted.

-Rob-


At  2:31 PM 6/23/94 -0700, Phil Karn wrote:
>>  We have modified our swIPe implementation slightly by adding host
>>filtering. Once swIPe is turned on - the ifconfigs and ioctls have
>>been issued - any packets from a designated swIPed partner that are
>>not swIPed are rejected. This is a few lines of code, mainly in ip_input.
>
>What happens if the remote peer crashes and loses its swIPe state? How
>can you reestablish the security association if you block all non-swIPed
>packets?
>
>I've been giving this particular problem a LOT of thought. Your
>protocol can allow for crashed hosts, but it's easy to leave yourself
>open to simple denial-of-service attacks if you're not careful.
>
>BTW, by a "simple" denial of service attack I mean the class of
>attacks that could be mounted by anyone anywhere on the Internet by
>using false IP source addresses WITHOUT subverting Internet routing or
>having physical access to some particular Internet path (e.g., between
>two legitimate security peers).
>
>Although everyone knows that it's impossible to preclude ALL denial of
>service attacks on the Internet, the "simple" class is *so* easy to do
>that I think any protocol we design ought to take them into account.
>
>Phil
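The following is an added toy model of the two points in the exchange above; it is not swIPe code and not part of the thread. It assumes a host-filtering rule like the one described (packets from a designated swIPe partner that are not swIPed are dropped in ip_input), and it models two ways of treating a security-association (SA) setup packet: a strict policy that drops it like any other non-swIPed packet, and a recovery-aware policy that hands it to key management but only replaces an existing SA once the setup authenticates. The `Packet`, `Host`, `authentic` flag and the "setup" packet kind are constructed for illustration; the scenarios show why strict filtering locks out a peer that crashed and lost its state, and why admitting setup traffic must not let a forged-source packet tear down a working association, which is exactly the "simple" denial-of-service class Phil defines.

```python
from dataclasses import dataclass, field

# Constructed model; not the swIPe implementation or its packet format.

@dataclass
class Packet:
    src: str         # claimed IP source; a "simple" attacker can forge this freely
    kind: str        # "swiped": swIPe-encapsulated, "plain": bare IP, "setup": SA (re)negotiation
    authentic: bool  # would the swIPe / key-management check on this packet succeed?


@dataclass
class Host:
    name: str
    peers: set                 # designated swIPe partners subject to host filtering
    strict: bool               # True: drop *every* non-swIPed packet from a partner
    sa: dict = field(default_factory=dict)   # peer -> current SA identifier
    next_sa: int = 1
    delivered: list = field(default_factory=list)
    dropped: list = field(default_factory=list)

    def establish(self, peer: str) -> int:
        """Record an established SA with peer (stands in for the initial negotiation)."""
        self.sa[peer] = self.next_sa
        self.next_sa += 1
        return self.sa[peer]

    def ip_input(self, pkt: Packet) -> str:
        """Host-filtering decision made in ip_input for one arriving packet."""
        if pkt.src not in self.peers:
            # Not a designated partner: the filter does not apply.
            self.delivered.append(pkt)
            return "deliver"
        if pkt.kind == "swiped":
            # Encapsulated traffic is accepted only if it verifies under the current SA.
            if pkt.authentic and pkt.src in self.sa:
                self.delivered.append(pkt)
                return "deliver"
            self.dropped.append(pkt)
            return "drop"
        if pkt.kind == "setup" and not self.strict:
            # Recovery-aware policy: let key management look at a setup packet.
            return self.key_management(pkt)
        # Bare packets from a partner, or setup packets under the strict policy.
        self.dropped.append(pkt)
        return "drop"

    def key_management(self, pkt: Packet) -> str:
        """Replace the SA only after the setup authenticates.

        The existing SA is kept until then, so a forged "I crashed, start over"
        packet from anywhere on the Internet cannot tear down a working association.
        """
        if not pkt.authentic:
            self.dropped.append(pkt)
            return "drop"
        self.establish(pkt.src)
        return "renegotiated"


def peer_crash_scenario(strict: bool):
    """Peer B crashes, loses its SA state, and sends an authentic setup packet.

    Returns (filter decision, SA id A now holds for B).
    """
    a = Host("A", peers={"B"}, strict=strict)
    a.establish("B")                              # SA 1 in place before the crash
    decision = a.ip_input(Packet("B", "setup", authentic=True))
    return decision, a.sa.get("B")


def forged_restart_scenario():
    """A forged-source setup packet (cannot authenticate) arrives at a recovery-aware A.

    Returns (filter decision, SA id A still holds for B).
    """
    a = Host("A", peers={"B"}, strict=False)
    a.establish("B")
    decision = a.ip_input(Packet("B", "setup", authentic=False))
    return decision, a.sa.get("B")


def plain_traffic_scenario():
    """Bare (non-swIPed) packets: dropped from a partner, untouched from anyone else."""
    a = Host("A", peers={"B"}, strict=False)
    a.establish("B")
    return (a.ip_input(Packet("B", "plain", authentic=True)),
            a.ip_input(Packet("C", "plain", authentic=True)))


if __name__ == "__main__":
    print("strict policy, peer crashed:     ", peer_crash_scenario(True))
    print("recovery-aware, peer crashed:    ", peer_crash_scenario(False))
    print("recovery-aware, forged restart:  ", forged_restart_scenario())
    print("bare packets (partner, other):   ", plain_traffic_scenario())
```

Under the strict policy the crashed peer's setup packet is dropped and A keeps the stale SA 1 forever, so B can never get back in; under the recovery-aware policy the authentic setup yields SA 2, while a forged setup leaves SA 1 untouched. The model only captures the filtering decision; how key management actually authenticates a setup is outside the page and left as the `authentic` flag.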
