
Re: Protection of port 500



> Isn't this approach just looking for trouble?

Not really...

> Can applications be trusted to protect themselves from, let's say, DoS
> attacks?

I used the phrase "trusted applications" in the almost MLS-sense of the
word.  If you RTM on Solaris, you'll note that bypassing node-wide policy can
only be done by root privileged apps.  You shouldn't grant such a privilege
willy-nilly, which I believe is your point.

BTW, you can never _fully_ extinguish Denial-of-Service.  There's a paper
co-authored by a contributor to this list and WG that explains this.  All you
can do is reduce the risk to an acceptable level.  (What's the difference
between DoS and a very busy day of legitimate use?)

> I'd want at least the option of some lower layer policy enforcement (ACLs,
> filters, etc.) in addition to whatever the app layer provides.

For such paranoia, a good implementation should allow that.  We allow
node-wide policy to disallow even the root-restricted bypass privilege we
normally allow.  We do not default to that, so that we can make our IKE
daemon do per-socket bypass, as well as allow future versions of diagnostic
tools (e.g. traceroute) to potentially bypass policy on a per-invocation
basis.

Dan
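The precedence Dan describes above (node-wide policy, a root-only per-socket bypass privilege that the IKE daemon uses for UDP/500, a node-wide switch that can refuse even that privilege, and an optional lower-layer ACL on top) can be made concrete with a small model. The following is an added illustration, not code from the message or from Solaris; the class and function names (NodePolicy, Socket, request_bypass, admit_inbound), the uid-0 test for "root privileged", and the sample peer addresses are all constructed assumptions for the example, not Solaris interfaces.

```python
# Constructed model of IPsec policy-bypass precedence, written for this page.
# It is NOT Solaris code; every name below is an assumption for illustration.
from dataclasses import dataclass

IKE_PORT = 500  # UDP port the IKE daemon listens on


@dataclass
class NodePolicy:
    """Node-wide IPsec policy knobs (hypothetical names)."""
    # Whether a root-privileged app may ask for per-socket bypass at all.
    # The reply says the shipped default allows it so the IKE daemon can bypass.
    allow_privileged_bypass: bool = True
    # Optional lower-layer filter: if non-empty, only these peers are admitted.
    peer_acl: frozenset = frozenset()


@dataclass
class Socket:
    """One bound socket; uid 0 models a root-privileged owner."""
    uid: int
    lport: int
    bypass: bool = False


def request_bypass(policy: NodePolicy, sock: Socket) -> None:
    """Per-socket bypass request, e.g. from the IKE daemon on UDP/500.

    Refused unless the caller is root AND node-wide policy still permits
    the privilege; otherwise the socket stays under the node-wide policy.
    """
    if sock.uid != 0:
        raise PermissionError("per-socket bypass requires root privilege")
    if not policy.allow_privileged_bypass:
        raise PermissionError("node-wide policy disallows the bypass privilege")
    sock.bypass = True


def admit_inbound(policy: NodePolicy, sock: Socket, src: str, protected: bool) -> str:
    """Classify one inbound datagram for `sock`.

    Returns "deliver", "drop:acl" (lower-layer filter) or "drop:unprotected"
    (cleartext arriving at a socket that has no effective bypass).
    The ACL is checked first so that it applies even to bypassed sockets,
    which is the lower-layer enforcement "in addition" the questioner asked for.
    """
    if policy.peer_acl and src not in policy.peer_acl:
        return "drop:acl"
    if protected or (sock.bypass and policy.allow_privileged_bypass):
        return "deliver"
    return "drop:unprotected"


def run_scenarios() -> dict:
    """Constructed cases showing how the three controls stack."""
    results = {}

    # 1. Shipped default: root IKE daemon gets bypass, cleartext IKE is delivered.
    default = NodePolicy()
    ike = Socket(uid=0, lport=IKE_PORT)
    request_bypass(default, ike)
    results["default_root_bypass"] = admit_inbound(default, ike, "198.51.100.7", protected=False)

    # 2. An unprivileged app asking for the same thing is refused.
    app = Socket(uid=1001, lport=8080)
    try:
        request_bypass(default, app)
        results["unprivileged_bypass"] = "granted"
    except PermissionError:
        results["unprivileged_bypass"] = "refused"
    results["unprivileged_cleartext"] = admit_inbound(default, app, "198.51.100.7", protected=False)

    # 3. Locked-down node: even root cannot bypass; only protected traffic passes.
    locked = NodePolicy(allow_privileged_bypass=False)
    ike2 = Socket(uid=0, lport=IKE_PORT)
    try:
        request_bypass(locked, ike2)
        results["locked_root_bypass"] = "granted"
    except PermissionError:
        results["locked_root_bypass"] = "refused"
    results["locked_cleartext"] = admit_inbound(locked, ike2, "198.51.100.7", protected=False)
    results["locked_protected"] = admit_inbound(locked, ike2, "198.51.100.7", protected=True)

    # 4. Bypass plus a peer ACL: cleartext from an unlisted peer is still filtered.
    filtered = NodePolicy(peer_acl=frozenset({"198.51.100.7"}))
    ike3 = Socket(uid=0, lport=IKE_PORT)
    request_bypass(filtered, ike3)
    results["acl_listed_peer"] = admit_inbound(filtered, ike3, "198.51.100.7", protected=False)
    results["acl_unlisted_peer"] = admit_inbound(filtered, ike3, "203.0.113.9", protected=False)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The order of checks is the point: the node-wide lock wins over the privileged per-socket request, the privilege check wins over the application's wishes, and the ACL is evaluated before the bypass is even consulted, so granting the IKE daemon a bypass does not by itself turn off whatever lower-layer filtering the administrator configured.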

