Re: [dnsext] IP fragmentation security
Nicholas Weaver <nweaver@ICSI.Berkeley.EDU> Mon, 01 June 2009 20:56 UTC
Return-Path: <owner-namedroppers@ops.ietf.org>
X-Original-To: ietfarch-dnsext-archive@core3.amsl.com
Delivered-To: ietfarch-dnsext-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B23AB3A688C; Mon, 1 Jun 2009 13:56:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.048
X-Spam-Level:
X-Spam-Status: No, score=-5.048 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, RCVD_IN_DNSWL_MED=-4, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lzqL355h1bQL; Mon, 1 Jun 2009 13:56:39 -0700 (PDT)
Received: from psg.com (psg.com [IPv6:2001:418:1::62]) by core3.amsl.com (Postfix) with ESMTP id C73B53A6B1C; Mon, 1 Jun 2009 13:56:38 -0700 (PDT)
Received: from majordom by psg.com with local (Exim 4.69 (FreeBSD)) (envelope-from <owner-namedroppers@ops.ietf.org>) id 1MBEUa-000H3R-HC for namedroppers-data0@psg.com; Mon, 01 Jun 2009 20:52:24 +0000
Received: from [192.150.186.11] (helo=fruitcake.ICSI.Berkeley.EDU) by psg.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69 (FreeBSD)) (envelope-from <nweaver@ICSI.Berkeley.EDU>) id 1MBEUP-000H2S-4Q for namedroppers@ops.ietf.org; Mon, 01 Jun 2009 20:52:18 +0000
Received: from [IPv6:::1] (jack.ICSI.Berkeley.EDU [192.150.186.73]) by fruitcake.ICSI.Berkeley.EDU (8.12.11.20060614/8.12.11) with ESMTP id n51Kq4nv009029; Mon, 1 Jun 2009 13:52:04 -0700 (PDT)
Cc: Matthew Dempsky <matthew@dempsky.org>, George Barwood <george.barwood@blueyonder.co.uk>, "<namedroppers@ops.ietf.org>" <namedroppers@ops.ietf.org>
Message-Id: <4B0687DD-C979-4FC6-A32F-48ABC411B9D9@ICSI.Berkeley.EDU>
From: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
To: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
In-Reply-To: <375691A7-70D9-47A9-BAC4-440D82702442@ICSI.Berkeley.EDU>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v935.3)
Subject: Re: [dnsext] IP fragmentation security
Date: Mon, 01 Jun 2009 13:52:03 -0700
References: <8FA88E5DED3E4E16A214AEAAB4AC755C@localhost> <ACCD92CF-ABF2-4A29-B4E1-0C4F25C5DE43@icsi.berkeley.edu> <ADED5A71-1B52-4D60-AEB2-A3CCFD12B6A5@ICSI.Berkeley.EDU> <F5BA13EB-C222-46C9-B5AE-426243867276@dempsky.org> <375691A7-70D9-47A9-BAC4-440D82702442@ICSI.Berkeley.EDU>
X-Mailer: Apple Mail (2.935.3)
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>
On Jun 1, 2009, at 1:26 PM, Nicholas Weaver wrote: > > On Jun 1, 2009, at 1:24 PM, Matthew Dempsky wrote: > >> Another comment: the attacker also has to forge the UDP checksum, >> which includes the source port and txid, but is itself only 16 >> bits. On the other hand, the attacker doesn't have to bother >> repeating the query name, so it opens the possibility for a >> birthday attack. >> >> Does anyone know any DNSSEC enabled zones containing wildcard names >> with large recordsets? > > OH, good point. Forgot about the UDP checksum. > > So you're right, this will fail because the checksum includes the > exisiting entropy sources. Oh wait: here's the math: Its 2^16 regardless of the entropy sources (port, 0x20, ID, etc): The checksum is a 2^16 value. The attacker must match: a) The IPID (predictable or 1 in 2^16, but assume predictible) b) The checksum (1 in 2^16, matched by basically having a random 16b value somewhere in the attacker's fragment, as this checksum includes both port and TXID and 0x20, and if the attacker knew those, he could respond directly)) However, the attacker gets only one try per query, since the first packet which matches IPID is used to be in the checksum (a checksum failure will mean a dropped UDP packet, not a "retry assembly" I'm assuming). So its not kaminski-level even when it under conditions that work (authority sends a large, fragmented response with a predictable IPID), because although its a glue race-until-win style attack, you can only generate only one attack packet per query, which means ~2^16 queries to generate a successful attack, and you need to be effectively sequential to keep the IPID predictable. The same glue policy countermeasures against Kaminski attacks also works here, BTW. Apologies for my stupidities. -- to unsubscribe send a message to namedroppers-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://ops.ietf.org/lists/namedroppers/>
- Re: [dnsext] IP fragmentation security Nicholas Weaver
- Re: [dnsext] IP fragmentation security Nicholas Weaver
- Re: [dnsext] IP fragmentation security Nicholas Weaver
- Re: [dnsext] IP fragmentation security Alex Bligh
- Re: [dnsext] IP fragmentation security Matthew Dempsky
- Re: [dnsext] IP fragmentation security Matthew Dempsky
- Re: [dnsext] IP fragmentation security Nicholas Weaver
- Re: [dnsext] IP fragmentation security Nicholas Weaver
- Re: [dnsext] IP fragmentation security Douglas Otis
- Re: [dnsext] IP fragmentation security Nicholas Weaver
- Re: [dnsext] IP fragmentation security Matthew Dempsky
- Re: [dnsext] IP fragmentation security Douglas Otis