
Re: NAT-Traversal - Security Considerations



 In your previous mail you wrote:

      Math (M) is behind NAT and establishes an SA with Gateway (GW) using a
      specific Traffic Descriptor (TS). Using Tunnel Mode, Math will normally
      use his private IP address but can also use a spoofed one: Server (S)
      or VeryImportantMachine (VIM).
   
=> Math can spoof the address but not the identity so the attack is
a Denial of Service.

      This can be used by a malicious user to steal packets for VIM or to
      deny communication with S.
   
=> first (steal packets) should not be critical because M may not
spoof an identity so may not know keys. Second is a DoS and there is
a third one: redirect the traffic to (i.e. flood) a victim.

      Am I right or am I missing something?

=> you are not missing anything: NAT traversal capability gives bad guys
on the path all NAT possibilities and they don't need to stay on the
path (so I call this problem the "transient pseudo-NAT attack").

      How can GW decide if Math's IP is valid and is not a spoofed one?
   
=> it can't. The stupid defense (authenticate the IP address) works but
disables the NAT traversal.

Regards

Francis.Dupont@enst-bretagne.fr