
Re: DoS attack on JFK



On Mon, 04 Mar 2002 16:27:35 EST you wrote
> So, this attack is not without risk for the attacker -- someone
> monitoring the system under attack can correlate the inbound flood of
> message #3 with the source address of the previous message #1's and
> use this to trace the attack back to the coordinator.

Yeah, but it would be nice if a security protocol did not require some
external system to defend itself against DoS attacks. Especially if the
external system must maintain the state that the protocol is saying is
not required to be kept.

>    [... if the initiator ip address is included in the HMAC ...]
>    the responder could make note of an unsuccessful decryption from a
>    particular IP address and refuse any more messages from it for a
>    period of time.
> 
> Yah, this would work, but a responder could also blacklist "Ni,Nr"
> pairs or HMAC values; that might be a more effective strategy than
> blacklisting by source address -- with IPv6, an attacker on a link
> which does stateless address autoconfig has access to on the order of
> 2^64 usable source addresses; and even with ipv4, an attacker might
> have access to many valid addresses.

I think a JFK implementation should implement blacklisting of bad 
authenticator blobs anyway. The attack is so much easier if it doesn't:
send one message one, get back one message two, and send N message threes
with the same nonces, exponentials, and authenticator using random source
IP addresses.

I don't see how blacklisting the authenticator or "Ni,Nr" pairs would be
more effective than blacklisting the IP address (provided it is included 
in the authenticator as I am suggesting) since it is trivial to use
different "Ni,Nr" pairs and different authenticators in each of the N 
message threes used to launch this attack.

If someone has 2^64 usable source addresses from which to launch attacks it
will be difficult to stop but including the IP address in the authenticator
calculations would provide more information on where that link is. Each
failed decryption would indicate a valid IP address of the attacker.

  Dan.
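The flood described in this message and the two defences debated in the thread, as an added example that is not part of the original e-mail and not JFK's real wire format: a toy responder hands out a stateless HMAC token in message 2 and performs the Diffie-Hellman exponentiation and decryption only once a message 3 carries a valid token. Everything below is constructed for illustration: the 127-bit group, the 16-byte nonces, a keyed MAC standing in for the encrypted body of message 3, the blacklist policies, and a `bind_ip` switch modelling the proposal to include the initiator's IP address in the authenticator calculation.

```python
"""Toy model of the message-3 flood against a JFK-style responder (constructed example).
The DH group, nonce sizes and layout are stand-ins, not JFK's wire format. "Expensive"
means the DH exponentiation and decryption done only after the authenticator checks out."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

P = 2**127 - 1    # toy Diffie-Hellman prime (Mersenne), far too small for real use
G = 3
NBYTES = 16       # group elements and nonces fit in 16 bytes in this toy group


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


@dataclass(frozen=True)
class Msg3:
    ni: bytes
    nr: bytes
    gi: int
    gr: int
    token: bytes    # the responder's authenticator, echoed back from message 2
    payload: bytes  # stands in for the encrypted and authenticated body of message 3


class Responder:
    def __init__(self, bind_ip=False, blacklist_tokens=False, blacklist_ips=False):
        self.hk = secrets.token_bytes(32)         # HKr: secret HMAC key, never sent
        self.r = secrets.randbelow(P - 2) + 1     # g^r is reused across many message 1s
        self.gr = pow(G, self.r, P)
        self.bind_ip = bind_ip                    # proposal from the thread: put IPi in the HMAC
        self.blacklist_tokens = blacklist_tokens  # "blacklist bad authenticator blobs"
        self.blacklist_ips = blacklist_ips        # refuse a source address after a failed decryption
        self.bad_tokens, self.bad_ips = set(), set()
        self.expensive_ops = 0

    def _token(self, ni, nr, ip):
        parts = [ni, nr, self.gr.to_bytes(NBYTES, "big")]
        if self.bind_ip:
            parts.append(ip.encode())
        return mac(self.hk, *parts)

    def message2(self, ni, ip):
        """Stateless reply: Nr, g^r and a token the responder can re-verify later."""
        nr = secrets.token_bytes(NBYTES)
        return nr, self.gr, self._token(ni, nr, ip)

    def message3(self, m, ip):
        if ip in self.bad_ips:
            return "dropped:ip-blacklisted"
        if m.token in self.bad_tokens:
            return "dropped:token-blacklisted"
        if not hmac.compare_digest(m.token, self._token(m.ni, m.nr, ip)):
            return "dropped:bad-authenticator"        # cheap rejection: one HMAC
        self.expensive_ops += 1                        # DH and decryption happen only here
        k = pow(m.gi, self.r, P).to_bytes(NBYTES, "big")
        if hmac.compare_digest(m.payload, mac(k, b"msg3", m.ni, m.nr)):
            return "accepted"
        if self.blacklist_tokens:
            self.bad_tokens.add(m.token)
        if self.blacklist_ips:
            self.bad_ips.add(ip)                       # a failed decryption names a source address
        return "rejected:decrypt-failed"


def honest_handshake(resp, ip1, ip3=None):
    """Legitimate initiator; pass ip3 to model an address that changed mid-handshake."""
    i = secrets.randbelow(P - 2) + 1
    ni = secrets.token_bytes(NBYTES)
    nr, gr, token = resp.message2(ni, ip1)
    k = pow(gr, i, P).to_bytes(NBYTES, "big")
    m = Msg3(ni, nr, pow(G, i, P), gr, token, mac(k, b"msg3", ni, nr))
    return resp.message3(m, ip3 or ip1)


def flood(resp, real_ips, tokens_per_ip, replays_per_token):
    """Attacker: one cheap message 1 per fresh token, then message 3s with junk payloads,
    each replay from a distinct spoofed source plus one from the attacker's real address.
    Returns how many expensive operations the responder was made to perform."""
    before, spoof = resp.expensive_ops, 0
    for ip in real_ips:
        for _ in range(tokens_per_ip):
            ni = secrets.token_bytes(NBYTES)
            nr, gr, token = resp.message2(ni, ip)
            gi = pow(G, secrets.randbelow(P - 2) + 1, P)
            junk = Msg3(ni, nr, gi, gr, token, secrets.token_bytes(32))
            for _ in range(replays_per_token):
                spoof += 1    # distinct spoofed 10/8 addresses, never colliding with real_ips
                resp.message3(junk, f"10.{spoof >> 16 & 255}.{spoof >> 8 & 255}.{spoof & 255}")
            resp.message3(junk, ip)
    return resp.expensive_ops - before


def run_scenarios(real_ips=("192.0.2.1", "192.0.2.2"), tokens_per_ip=5, replays_per_token=20):
    """Returns {policy: (expensive ops forced, addresses blacklisted)} for one flood each."""
    policies = {
        "no defence": Responder(),
        "blacklist bad tokens": Responder(blacklist_tokens=True),
        "blacklist IPs, IP not in HMAC": Responder(blacklist_ips=True),
        "IP in HMAC, blacklist IPs": Responder(bind_ip=True, blacklist_ips=True),
    }
    return {name: (flood(r, list(real_ips), tokens_per_ip, replays_per_token), len(r.bad_ips))
            for name, r in policies.items()}


if __name__ == "__main__":
    for name, (ops, banned) in run_scenarios().items():
        print(f"{name:32s} expensive ops: {ops:4d}  addresses blacklisted: {banned}")
```

With two real attacker addresses, five fresh tokens each and twenty spoofed replays per token, the undefended responder does 210 expensive operations; blacklisting bad tokens brings that down to one per token (10), which is the point made above that fresh Ni,Nr pairs and authenticators are cheap for the attacker to obtain; blacklisting source addresses without binding them into the HMAC still costs the full 210 and additionally blacklists every spoofed address the attacker chose; binding the address into the HMAC and blacklisting on failed decryption costs one expensive operation per real attacker address, and the blacklist then contains exactly those addresses. The caveat the model also shows: with the address bound into the authenticator, an honest initiator whose source address changes between message 1 and message 3 (NAT rebinding, mobility) is rejected at the cheap check.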