[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: TOS copying considered harmful

To: Black_David@emc.com
Subject: RE: TOS copying considered harmful
From: Stephen Kent <kent@bbn.com>
Date: Fri, 15 Sep 2000 09:32:24 -0400
Cc: mat@cisco.com, ipsec@lists.tislabs.com
In-Reply-To: <0F31E5C394DAD311B60C00E029101A0704100F95@corpmx9.isus.emc.com>
References: <0F31E5C394DAD311B60C00E029101A0704100F95@corpmx9.isus.emc.com>
Sender: owner-ipsec@lists.tislabs.com

At 10:00 PM -0400 9/14/00, Black_David@emc.com wrote:
>h> IPsec is a security protocol, thus it is appropriate for it to
>  > include explicit controls when security-relevant mapping takes place
>  > relevant to a tunnel. By the way, it's not traffic analysis per se
>  > that is the major concern. The concern is that a Trojan Horse
>  > "behind" the IPsec implementation uses the TOS field to exfiltrate
>  > data.
>
>And if the network beyond the tunnel egress is using that field to
>determine which packets get what QoS-based services, there
>are also possible denial of service attacks based on modifying
>the field in the outer header of tunneled traffic.
>
>For the record, I like Steve's proposal for modifications to RFC 2401's
>rules for tunnel header processing, and there's text in a number of
>diffserv RFCs that was written in anticipation/hope of such changes
>(e.g., see p.30 of RFC 2475).  I would expect that specification of
>these changes would be accompanied by guidance on their proper
>use and warning about security risks that may make them
>inappropriate to configure/use in some situations, right?

Right.

Steve

References:

RE: TOS copying considered harmful

From: Black_David@emc.com

Prev by Date: draft-huttunen-ipsec-esp-in-udp-00.txt
Next by Date: Re: TOS copying considered harmful
Prev by thread: RE: TOS copying considered harmful
Next by thread: Re: TOS copying considered harmful
Index(es):
- Main
- Thread