Re: RESEND: Thoughts on identity attacks
Charlie_Kaufman@notesdev.ibm.com writes:
> I believe many features in IKE are in the category of "seemed almost free"
> at the time, and so are included without any demonstrated need. Identity
> hiding is one. Stateless cookies is another. The ability to craft
> incredibly complex combinations of crypto algorithms and ESP/AH/IPCOMP
> combinations is a third. Having a phase I and a phase II is a fourth.
I think stateless cookies are extremely important to protect against
resource starvation attacks (a la the TCP SYN attack). If I can cause
your IKE daemon to store a lot of state by sending it a single
(forged) UDP packet, I can effectively starve your system. With
stateless cookies you at least have reachability to gain a better idea
who is trying to attack you -- the attacker must be somewhere on the
path between you and the IP address being used to attack you.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available
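The reachability argument above, as an added example that is not part of the original thread and not any IKE implementation's code. It models a toy two-round-trip handshake (the messages are plain dicts, not IKE wire format, and the addresses and SPIs are constructed). The responder derives its cookie as an HMAC over the claimed source address, port and initiator SPI under a periodically rotated secret, the general design behind Photuris/IKE cookies, and allocates state only after the peer echoes that cookie. A `StatefulResponder` that stores state on the first packet is included for contrast; `spoofed_flood` plays the attacker who forges source addresses and therefore never sees the replies.

```python
import hashlib
import hmac
import os
import random

# Message shape (assumption for this toy handshake, not a real IKE payload):
#   {"src": (ip, port), "spi_i": bytes, "cookie": bytes or None}


class StatelessCookieResponder:
    """Stores per-peer state only after the peer echoes a cookie it could
    have learned only by receiving our reply at the claimed source address."""

    def __init__(self, max_sessions=1000):
        self.secret = os.urandom(32)   # current cookie key, never sent on the wire
        self.old_secret = None         # previous key, still accepted for one period
        self.sessions = {}             # (src, spi_i) -> handshake state
        self.max_sessions = max_sessions

    def _cookie(self, key, src, spi_i):
        ip, port = src
        return hmac.new(key, f"{ip}|{port}|".encode() + spi_i, hashlib.sha256).digest()[:16]

    def rotate_secret(self):
        """Called periodically; cookies under the old key remain valid one period."""
        self.old_secret, self.secret = self.secret, os.urandom(32)

    def handle(self, msg):
        src, spi_i, cookie = msg["src"], msg["spi_i"], msg.get("cookie")
        if cookie is None:
            # Round 1: answer with a cookie and store nothing. If the source
            # address was forged, the reply simply goes to the spoofed host.
            return {"to": src, "cookie": self._cookie(self.secret, src, spi_i)}
        valid = any(key is not None and hmac.compare_digest(cookie, self._cookie(key, src, spi_i))
                    for key in (self.secret, self.old_secret))
        if not valid or len(self.sessions) >= self.max_sessions:
            return None  # drop silently; no state was consumed
        # Round 2: the peer proved it can receive at src, now spend memory on it.
        self.sessions[(src, spi_i)] = {"stage": "cookie-verified"}
        return {"to": src, "status": "proceed"}


class StatefulResponder:
    """Contrast: allocates state on the very first packet, so a single forged
    datagram per entry fills the table."""

    def __init__(self, max_sessions=1000):
        self.sessions = {}
        self.max_sessions = max_sessions

    def handle(self, msg):
        key = (msg["src"], msg["spi_i"])
        if key not in self.sessions and len(self.sessions) >= self.max_sessions:
            return None
        self.sessions[key] = {"stage": "init"}
        return {"to": msg["src"], "status": "proceed"}


def spoofed_flood(responder, count, rng):
    """Attacker sends `count` first-round messages from forged sources (constructed
    10.0.0.0/8 addresses). It never sees the replies, so it cannot echo a cookie.
    Returns how many table entries the flood managed to allocate."""
    for _ in range(count):
        src = ("10.%d.%d.%d" % tuple(rng.randrange(256) for _ in range(3)), rng.randrange(1024, 65535))
        spi_i = bytes(rng.getrandbits(8) for _ in range(8))
        responder.handle({"src": src, "spi_i": spi_i, "cookie": None})
    return len(responder.sessions)


def legitimate_handshake(responder, src=("192.0.2.10", 500), spi_i=b"\x01" * 8):
    """A real peer completes both rounds; True if it ended up with a table entry."""
    reply = responder.handle({"src": src, "spi_i": spi_i, "cookie": None})
    if reply is None:
        return False
    if "cookie" in reply:
        reply = responder.handle({"src": src, "spi_i": spi_i, "cookie": reply["cookie"]})
    return reply is not None and (src, spi_i) in responder.sessions


def stolen_cookie_rejected(responder):
    """A cookie issued to one source cannot be replayed by another source."""
    victim, attacker, spi_i = ("192.0.2.10", 500), ("198.51.100.7", 500), b"\x02" * 8
    cookie = responder.handle({"src": victim, "spi_i": spi_i, "cookie": None})["cookie"]
    reply = responder.handle({"src": attacker, "spi_i": spi_i, "cookie": cookie})
    return reply is None and (attacker, spi_i) not in responder.sessions


if __name__ == "__main__":
    for cls in (StatefulResponder, StatelessCookieResponder):
        r = cls(max_sessions=100)
        used = spoofed_flood(r, 1000, random.Random(1))
        print(f"{cls.__name__}: flood allocated {used} entries, "
              f"legitimate peer admitted: {legitimate_handshake(r)}")
```

The cookie is the responder's only per-peer "memory" between rounds, and it lives in the packet rather than in a table, which is why a forged-source flood costs the attacker bandwidth but costs the responder nothing. Binding the HMAC to the source address is what gives Derek's reachability property: to produce a valid cookie the attacker must actually receive traffic sent to the address it claims.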