[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC Security Gateways & NAT

To: Dan Harkins <dharkins@lounge.org>
Subject: Re: IPSEC Security Gateways & NAT
From: Ari Huttunen <Ari.Huttunen@F-Secure.com>
Date: Mon, 25 Jun 2001 18:14:54 +0300
CC: jshukla <jshukla@earthlink.net>, ipsec@lists.tislabs.com
Organization: F-Secure Corporation
References: <200106191651.f5JGowu00723@dharkins@lounge.orgatty.lounge.org>
Sender: owner-ipsec@lists.tislabs.com



Dan Harkins wrote:
> 
> On Tue, 19 Jun 2001 09:25:31 PDT you wrote
> >
> > Right! The point is that pre-shared keys based authentication
> > can be made more robust against DoS attacks compared to
> > the other three authentication methods. In their current form,
> > all authencitation methods are susceptible to DoS attacks.
> 
> The DoS attack mounted against IKE is one that exploits the fact that
> the responder creates state upon receipt of a single message from the
> initiator. That will not be addressed by moving the authentication
> step. It will be addressed by further complicating the protocol with
> a new stateless "cookie request" option.
> 
> Your suggestion to move the authentication step would further complicate
> the protocol. The way it is now there is a uniform progression of state
> for each of the authentication methods. As someone who has implemented
> this protocol I can tell you it makes it much simpler to code that way.
> 
> As has been pointed out repeatedly in this thread (and in the past) a
> DoS attack that attempts to force the responser to do needless Diffie-
> Hellman work would expose its IP address and the attack could be properly
> addressed because of it.
> 
> There are all sorts of changes that can be made to IKE but one that
> would make the protocol much more complicated for such a small (perhaps
> even non-existent) benefit is not something we should consider.
> 
>   Dan.

Is anyone still interested in Base Mode? It would be possible to create
a Base Mode where reception of the first message is stateless to the Responder,
by sending the state back in msg2 encrypted with some locally known symmetric
key, and verified upon reception in msg3. This modified Base Mode
could then be used to replace Aggressive Mode. The rationale for changing
Base Mode would be that nobody's yet really using it (?), and that it's cool :).
There's a paper by Pekka Nikander explaining the theory of making protocols
stateless, forget where that is though.

Of course, this all may not be worth the trouble.

Ari

-- 
Ari Huttunen                   phone: +358 9 2520 0700
Software Architect             fax  : +358 9 2520 5001

F-Secure Corporation       http://www.F-Secure.com 

F(ully)-Secure products: Integrated Solutions for Enterprise Security

Follow-Ups:

Re: IPSEC Security Gateways & NAT

From: Bill Sommerfeld <sommerfeld@East.Sun.COM>

RE: IPSEC Security Gateways & NAT

From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>

References:

Re: IPSEC Security Gateways & NAT

From: Dan Harkins <dharkins@lounge.org>

Prev by Date: Re: ID payloads semantics for phase 2 SAs
Next by Date: Re: IPSEC Security Gateways & NAT
Prev by thread: Re: IPSEC Security Gateways & NAT
Next by thread: Re: IPSEC Security Gateways & NAT
Index(es):
- Main
- Thread