RE: [AVT] SRTP and ICMP destination unreachable ...
Hi John
you are right, SRTP does not face the issue, nor should
it.
The security of ICMP is a problem per-se. A number of
protocols can be affected, starting from routing.
Unauthenticated ICMP messages can lead to a lot of _bad_
things. Note also that similar messages (teardown, shut down,
error, etc.) can probably come from other control protocols and
other protocols at other layers.
I think it is sometimes the practice not to take drastic
actions based on unauthenticated ICMP messages.
Cheers
/E
> -----Original Message-----
> From: John Lazzaro [mailto:lazzaro@CS.Berkeley.EDU]
> Sent: den 29 oktober 2002 19:55
> To: avt@ietf.org
> Subject: [AVT] SRTP and ICMP destination unreachable ...
>
>
>
> Hi everyone,
>
> I've been doing a code review of the sfront networking system
> (which partially implements an authentication system similar to SRTP)
> as part of the writing process for the MWPP implementation guide, and
> was wondering about this line in the SRTP I-D:
>
> > Message authentication for RTCP is REQUIRED, as it is the control
> > protocol (e.g., it has a BYE packet) for RTP.
>
> If an implementation follows this advice, should it also
> ignore ICMP destination unreachable packets (i.e. the ICMP packet that
> results in the ECONNREFUSED errno under UNIX)?
>
> I'm not well versed at what happens at the network layer with
> ICMP, but I was under the impression that it would be pretty easy for
> an attacker to send ICMP packets that would end a particular media
> stream, if he was able to snoop on the IP headers of the stream in the
> clear. So, accepting unauthenticated ICMP destination unreachable
> packets would seem to open up the same attacks as accepting
> unauthenticated RTCP BYE commands ...
>
> I did a quick scan through the SRTP document and didn't see
> this issue discussed, my apologies if I missed it ...
>
> -------------------------------------------------------------------------
> John Lazzaro -- Research Specialist -- CS Division -- EECS -- UC Berkeley
> lazzaro [at] cs [dot] berkeley [dot] edu     www.cs.berkeley.edu/~lazzaro
> -------------------------------------------------------------------------
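Taking the two posts together, here is an added example (my own code, not sfront's and not any SRTP implementation) of the receiver policy the reply recommends: a stream ends only on an RTCP BYE whose authentication tag verifies, or on a media-inactivity timeout, while ICMP-derived socket errors (ECONNREFUSED and friends on a connected UDP socket) are counted and otherwise ignored. The tag construction mirrors SRTP's default of HMAC-SHA1 truncated to 80 bits, but the key, the minimal RTCP layout, the 30-second timeout and the helper names are constructed assumptions for the demonstration.

```python
"""Defensive SRTP/RTCP receiver policy (added example, not sfront code):
end a media stream only on an authenticated RTCP BYE or a media timeout,
never on an unauthenticated ICMP Destination Unreachable."""
import errno
import hashlib
import hmac
import socket
import time

# Constructed demo authentication key. A real SRTP session derives the
# session auth key from the master key; this value is arbitrary.
AUTH_KEY = bytes(range(20))
AUTH_TAG_LEN = 10          # SRTP default: HMAC-SHA1 tag truncated to 80 bits
RTCP_PT_BYE = 203          # RTCP packet type for BYE (RFC 3550)
MEDIA_TIMEOUT_S = 30.0     # assumption: how long media silence is tolerated
# Socket errors that Linux/BSD derive from ICMP Destination Unreachable.
ICMP_ERRNOS = {errno.ECONNREFUSED, errno.EHOSTUNREACH, errno.ENETUNREACH}


def auth_tag(body: bytes, key: bytes = AUTH_KEY) -> bytes:
    """SRTP-style message authentication tag over the packet body."""
    return hmac.new(key, body, hashlib.sha1).digest()[:AUTH_TAG_LEN]


def protect_rtcp(body: bytes, key: bytes = AUTH_KEY) -> bytes:
    """Append the tag as a sender would (the SRTCP index and E-bit are
    omitted to keep the example short)."""
    return body + auth_tag(body, key)


def split_authentic(packet: bytes, key: bytes = AUTH_KEY):
    """Return the packet body if its tag verifies, else None."""
    if len(packet) <= AUTH_TAG_LEN:
        return None
    body, tag = packet[:-AUTH_TAG_LEN], packet[-AUTH_TAG_LEN:]
    if not hmac.compare_digest(auth_tag(body, key), tag):
        return None
    return body


class MediaSession:
    """Tracks whether a stream is alive and why it ended."""

    def __init__(self, key: bytes = AUTH_KEY, now=time.monotonic):
        self.key = key
        self.now = now                # injectable clock for testing
        self.active = True
        self.end_reason = None
        self.last_media = now()
        self.icmp_errors = 0          # counted and logged, never acted on
        self.rejected_rtcp = 0        # packets whose tag did not verify

    def on_rtp(self, packet: bytes) -> None:
        # Media would be authenticated and decrypted here as well; the
        # liveness policy only needs the arrival time.
        self.last_media = self.now()

    def on_rtcp(self, packet: bytes) -> None:
        body = split_authentic(packet, self.key)
        if body is None:
            self.rejected_rtcp += 1   # unauthenticated: ignore, as the I-D requires
            return
        if len(body) >= 2 and body[1] == RTCP_PT_BYE:
            self.active = False
            self.end_reason = "authenticated BYE"

    def on_icmp_unreachable(self) -> None:
        # The spoofable, unauthenticated signal: record it and carry on.
        self.icmp_errors += 1

    def check_timeout(self) -> None:
        # Liveness is decided by authenticated traffic, not by ICMP.
        if self.active and self.now() - self.last_media > MEDIA_TIMEOUT_S:
            self.active = False
            self.end_reason = "media timeout"


def pump_once(sock: socket.socket, session: MediaSession, is_rtcp: bool) -> None:
    """Read one datagram. On a connected UDP socket the kernel surfaces an
    ICMP unreachable as an errno on the next recv; absorb it instead of
    tearing the session down."""
    try:
        data = sock.recv(2048)
    except OSError as e:
        if e.errno in ICMP_ERRNOS:
            session.on_icmp_unreachable()
            return
        raise
    (session.on_rtcp if is_rtcp else session.on_rtp)(data)
    session.check_timeout()
```

In practice `pump_once` would be driven by a select loop over the RTP and RTCP sockets; the `icmp_errors` counter is worth exporting to logs or metrics, since a burst of them with media still flowing is exactly the pattern the original question describes.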
_______________________________________________
Audio/Video Transport Working Group
avt@ietf.org
https://www1.ietf.org/mailman/listinfo/avt