Re: Flooding Attacks and MIP6 (was RE: [Mipshop] Review of draft-arkko-mipshop-cga-cba-04)
Jari Arkko wrote:

3. Using MIP6 home subscription to redirect traffic to the victim. Of
course, the risk here is that of authenticated nodes registering the
victim's IP address as its CoA.

Let me first state that if I could redesign RFC 3775 today, I would probably
NOT include an administrative security association relationship for the
MN - HA. This would have made deployment much easier (e.g. DHCP
assigned home agents without any of the bootstrapping complexity).
And it would have gotten us rid of problem #3.

we could add a return routability check for the home agent
to check if the mobile node is at the CoA it is claiming in
the BU. but AFAIK, it has not been seen as an issue so far.

regarding the "administrative security association
relationship", things are no longer so rigid (RFC 3775 ties
an SA to the home address) with the bootstrapping specs. the
mobile node can be assigned any random home agent as long as
there is a way to authenticate each other.

Vijay