[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Nat Traversal concern in IKEv2



Howdy,

	I've wound up with some extra time on my hands lately and thought I'd 
contribute some more.


So when sending NAT_DETECTION_SOURCE_IP or NAT_DETECTION_DESTINATION_IP 
these payloads contain a SHA1 hash of the IP address and port.

First of all, there is no specification as to what key to use for the 
SHA1. And this is before the DH has completed. So I see no reasonable 
choice for how to key this algorithm.

But more worrisome would be that a dictionary attack on all possible IP 
addresses with 500 and 4500 for ports would reveal the key with fairly 
light effort. So I perceive a requirement that the key used for this 
SHA1 in the NAT_DETECTION_* payloads MUST NOT be related in any way to 
the keys or key generating material used for privacy, integrity and 
authentication later. This requirement seems onerous.


So perhaps we could move the  NAT_DETECTION_SOURCE_IP and 
NAT_DETECTION_DESTINATION_IP payloads to somewhere in the protected 
portion of the IKE exchanges and just put the IP/port in the packet 
directly (not a SHA1 hash).

What do y'all think?





---
Ricky Charlet
(formerly with Sonciwall and before that formerly with Redcreek)
rcharlet@alumni.calpoly.edu
510.324.3163