[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [NSIS] new draft about security threats for the NAT/firewall NSLP

To: Franck.Le at nokia.com
Subject: Re: [NSIS] new draft about security threats for the NAT/firewall NSLP
From: Ali Fessi <ali.fessi at netlab.nec.de>
Date: Fri, 28 May 2004 21:12:55 +0200
Cc: nsis at ietf.org
In-reply-to: <57A26D272F67A743952F6B4371B8F811017CA805@daebe007.americas.nokia.com>
List-help: <mailto:nsis-request@ietf.org?subject=help>
List-id: Next Steps in Signaling <nsis.ietf.org>
List-post: <mailto:nsis@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/nsis>, <mailto:nsis-request@ietf.org?subject=unsubscribe>
References: <57A26D272F67A743952F6B4371B8F811017CA805@daebe007.americas.nokia.com>
Sender: nsis-bounces at ietf.org
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113

Hi Franck,

thanks for reading the draft and thanks for your feedback.

We focused the draft on the way how unauthorized users could use the natfw-nslp to install policy rules for their advantage, since this is our main concern.

About the threat that you suggested: i think it is not specific for the natfw-nslp. You could flood the victim with any kind of data traffic if you want to exhaust his battery or the resources of his access network. i don't think that this threat fits well in the document.

ciao, Ali.
--
Ali Fessi
NEC Network Laboratories     Kurfürsten-Anlage 36, D-69115 Heidelberg
Phone: (+49) 6221 9051151    Email: ali.fessi at netlab.nec.de


Franck.Le at nokia.com wrote:

Hello,

Thank you for the internet draft. It is a good document that can be helpful when designing the security solutions for the NAT/FW NSLP. Many of the threats have been identified and described. The following one is however not mentioned but might be relevant: The NAT/FW NSLP requiring firewalls to forward NSLP messages, a malicious node may keep sending NSLP messages to a target. This may consume the access network resources of the victim, drain the battery of the victim's terminal and may force the victim to pay for the received although undesired requests (especially in cellular networks).

Would you agree with this threat? Should it be included in the document as well?

Thank you,

Franck

-----Original Message----- From: nsis-bounces at ietf.org [mailto:nsis-bounces at ietf.org]On Behalf Of ext Ali Fessi Sent: 25 May, 2004 11:56 AM To: nsis at ietf.org Cc: Martin Stiemerling; Tschofenig Hannes Subject: [NSIS] new draft about security threats for the NAT/firewall NSLP
Dear all,
after some discussions within the NAT/firewall NSLP team, we decided to make a full analysis of the security threats for the NAT/firewall NSLP before we continue.
We submitted a new draft "Security Threats for the NAT/Firewall NSLP".
If you want to have a look at it before it becomes available in the
I-D repository, please have a look at:
ftp://ftp.ccrle.nec.de/pub/internet-drafts/draft-fessi-nsis-na
tfw-threats-00.txt
Comments are very welcome!!
Thanks,
Ali.
--
Ali Fessi
NEC Network Laboratories     Kurfürsten-Anlage 36, D-69115 Heidelberg
Phone: (+49) 6221 9051151    Email: ali.fessi at netlab.nec.de
_______________________________________________
nsis mailing list
nsis at ietf.org
https://www1.ietf.org/mailman/listinfo/nsis

_______________________________________________
nsis mailing list
nsis at ietf.org
https://www1.ietf.org/mailman/listinfo/nsis

References:
- RE: [NSIS] new draft about security threats for the NAT/firewall NSLP
  - From: Franck . Le

Prev by Date: RE: [NSIS] New NATFW NSLP I-D: draft-ieft-nsis-nslp-natfw-02.txt
Next by Date: [NSIS] RE: I-D ACTION:draft-ash-nsis-nslp-qspec-00.txt
Previous by thread: RE: [NSIS] new draft about security threats for the NAT/firewall NSLP
Next by thread: RE: [NSIS] new draft about security threats for the NAT/firewall NSLP
Index(es):
- Date
- Thread