Re: Initiator exposes DOS attack for IKEv2?

The DOS protection designed in IKEv2 is designed to protect responders
from malicious initiators, but not vice versa. Someone impersonating
a server can waste the client's time by sending invalid responses, but
cannot overwhelm the client with traffic because the request rate is
ultimately controlled by the client.

If the attacker can prevent packets from flowing between the two parties,
it can prevent communication. If the attacker can only insert additional
bogus packets but not prevent the real ones from being delivered, it would
be possible to design a client that resisted such DOS attacks given the
current protocol, but the current specification doesn't say how, it would
be tricky to get right, and I don't expect anyone to do it.

      --Charlie

> Hi all,
>
> Hopefully, I do not misunderstand the draft in this DOS attack scenario.
> Any input is welcome.
>
> Assume the Initiator creates the Diffie-Hellman group x public key and sends
> the KE payload to the responder in the IKE_SA_INIT exchange. The
> responder does not like this group x DH. It should respond back with
> "INVALID_KE_PAYLOAD" indicating the corrected DH group (see 2.7). Since
> the IKE_SA_INIT exchange is a clear-text exchange, it is possible that a
> third party acts as the responder and replies with this "INVALID_KE_PAYLOAD"
> to each initiator's request.
>
> This causes the initiator to keep changing the DH group and re-sending
> the KE payload that the responder wants.
>
> We know DH calculation is very CPU-intensive. The initiator system can
> suffer a very bad DOS attack in this scenario. Any comment?
>
> Thanks,
>
> Tom Hu
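The scenario Tom describes and the client-side resistance Charlie says is possible but unspecified can both be seen in a small simulation. The following is an added example written for this archive page; it is not code from either poster, from any IKEv2 implementation, or from the draft. It models only the initiator's decision of when to compute a fresh Diffie-Hellman exponent: `naive_initiator` follows every INVALID_KE_PAYLOAD it receives, while `hardened_initiator` applies three assumed policy rules (a suggested group must be one the initiator itself proposed, a group already tried is never revisited, and at most `max_group_changes` corrections are honoured per connection attempt). The `Response` and `Stats` classes, the `spoofed_inbox` traffic and the group numbers used as samples are all constructed for the example.

```python
"""Constructed simulation of an IKEv2 initiator handling INVALID_KE_PAYLOAD
notifications in IKE_SA_INIT. It models only the decision logic (when to
compute a fresh Diffie-Hellman exponent), not real IKE message parsing."""
from dataclasses import dataclass, field
from typing import List, Optional

# Diffie-Hellman group numbers from the IKEv2 transform registry.
MODP_1024, MODP_2048, ECP_256 = 2, 14, 19


@dataclass
class Response:
    """One IKE_SA_INIT reply as seen by the initiator (constructed)."""
    invalid_ke_group: Optional[int] = None  # set when the reply is INVALID_KE_PAYLOAD
    # A genuine responder's reply is modelled simply as "no notification".


@dataclass
class Stats:
    dh_computations: int = 0       # each one is a fresh exponent + KE payload
    groups_tried: List[int] = field(default_factory=list)
    dropped: int = 0               # notifications ignored by policy
    outcome: str = "pending"


def naive_initiator(proposal: List[int], inbox: List[Response]) -> Stats:
    """Does what the thread describes: follows every INVALID_KE_PAYLOAD it sees."""
    stats = Stats()
    group = proposal[0]
    stats.dh_computations += 1
    stats.groups_tried.append(group)
    for reply in inbox:
        if reply.invalid_ke_group is None:
            stats.outcome = "established"
            return stats
        group = reply.invalid_ke_group
        stats.dh_computations += 1            # recompute DH for the new group
        stats.groups_tried.append(group)
    return stats


def hardened_initiator(proposal: List[int], inbox: List[Response],
                       max_group_changes: int = 1) -> Stats:
    """Same role, but treats the unauthenticated notification as advisory.
    The rules below are assumptions for this example, not the draft's text."""
    stats = Stats()
    group = proposal[0]
    stats.dh_computations += 1
    stats.groups_tried.append(group)
    changes = 0
    for reply in inbox:
        if reply.invalid_ke_group is None:
            stats.outcome = "established"
            return stats
        suggested = reply.invalid_ke_group
        if (suggested not in proposal               # responder must pick from our proposal
                or suggested in stats.groups_tried  # a real peer never bounces us back
                or changes >= max_group_changes):   # one correction is all a real peer needs
            stats.dropped += 1
            continue                                # keep current exponent, keep waiting
        changes += 1
        group = suggested
        stats.dh_computations += 1
        stats.groups_tried.append(group)
    return stats


def spoofed_inbox(n_bogus: int = 20) -> List[Response]:
    """Constructed traffic: a third party bounces the initiator between two
    groups, throws in a group we never offered, then the real reply arrives."""
    bogus = [Response(invalid_ke_group=MODP_2048 if i % 2 == 0 else MODP_1024)
             for i in range(n_bogus)]
    return bogus + [Response(invalid_ke_group=99), Response()]


if __name__ == "__main__":
    proposal = [MODP_1024, MODP_2048, ECP_256]
    inbox = spoofed_inbox()
    print("naive   :", naive_initiator(proposal, inbox))
    print("hardened:", hardened_initiator(proposal, inbox))
```

Run stand-alone, the naive initiator performs one DH computation per spoofed notification (22 for this inbox), while the hardened one performs two and drops the remaining 20, yet both still complete once the genuine reply arrives. The hardened variant illustrates Charlie's point that the client ultimately controls its own request rate: after it stops honouring corrections, re-sending is driven only by its own retransmission timer, so an attacker who can inject but not block packets cannot force extra DH work. It does nothing against an attacker who can block the real responder's reply, which matches the thread's caveat.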