[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Heartbeats (was RE: keepalives)

To: Paul Koning <pkoning@xedia.com>
Subject: RE: Heartbeats (was RE: keepalives)
From: Andrew Krywaniuk <akrywaniuk@TimeStep.com>
Date: Wed, 8 Dec 1999 14:59:53 -0500
Cc: rcharlet@redcreek.com, ipsec@lists.tislabs.com
Sender: owner-ipsec@lists.tislabs.com

>  Ricky> * Unsecured heartbeats in the clear leave you open to DOS
>  Ricky> attack as anybody can spoof you into thinking that your peer
>  Ricky> is no-responsive.
> 
> How can you do that?  Clearly you can make a down peer appear up, but
> I don't see how you can make an up peer appear down by spoofing
> packets.

Didn't you know? You just spoof an anti-packet. When the packet and
anti-packet collide they annihalate each other. The resulting EMP takes down
your gateway, causing DoS.

Obviously we can't deal with the non-responsiveness issue. The only way to
spoof non-responsiveness is for the attacker to remove packets from the
wire, and if they can do that then they don't need any help effecting a DoS
attack.

Maybe Ricky was saying that if we were to tear down the channel if we
received a badly formatted packet from the peer then we would be vulnerable
to DoS. That's why any good heartbeat protocol has to ignore any packets
that could have been spoofed.

Andrew
_______________________________________________
 Beauty without truth is insubstantial.
 Truth without beauty is unbearable.

Follow-Ups:

Re: Heartbeats (was RE: keepalives)

From: Ricky Charlet <rcharlet@redcreek.com>

Prev by Date: Re: Heartbeats (was RE: keepalives)
Next by Date: Re: Heartbeats (was RE: keepalives)
Prev by thread: RE: Heartbeats (was RE: keepalives)
Next by thread: Re: Heartbeats (was RE: keepalives)
Index(es):
- Main
- Thread