Re: NAT-Traversal - Security Considerations
In your previous mail you wrote:
Math (M) is behind NAT and establishes an SA with Gateway (GW) using a
specific Traffic Descriptor (TS). Using Tunnel Mode, Math will normally
use his private IP address but can also use a spoofed one: Server (S)
or VeryImportantMachine (VIM).

=> Math can spoof the address but not the identity so the attack is
a Denial of Service.

This can be used by a malicious user to steal packets for VIM or to
deny communication with S.

=> first (steal packets) should not be critical because M may not
spoof an identity so may not know keys. Second is a DoS and there is
a third one: redirect the traffic to (i.e. flood) a victim.

Am I right or am I missing something?

=> you are not missing anything: NAT traversal capability gives to bad guys
on the path all NAT possibilities and they don't need to stay on the
path (so I call this problem the "transient pseudo-NAT attack").

How can GW decide if Math's IP is valid and is not a spoofed one?

=> it can't. The stupid defense (authenticate the IP address) works but
disables the NAT traversal.
Regards
Francis.Dupont@enst-bretagne.fr