
RE: [rddp] Terminate message a security threat?



The only thing I can think of that might be different is that a naive implementation
might parse a Terminate message on the assumption that it is validly formatted.
It is conceivable that certain implementations might be vulnerable to specific
incorrect formattings causing internal buffer overflows/etc. It sounds crazy,
but look at some of the web/email related attacks that have been diagnosed.
 
But even that isn't a *new* attack, since deliberate mal-formatting of headers
is a known attack, and the mitigation strategy is already known (don't make
assumptions about anything that shows up on a wire).
 
So I'd agree that an extra example might be nice, but there are always things
that would be "nice" to add to a draft. If you keep adding them forever then
it stays a draft forever. I'd rather have an RFC that was missing some examples.
 
 
 


From: rddp-bounces at ietf.org [mailto:rddp-bounces at ietf.org] On Behalf Of Jim Pinkerton
Sent: Tuesday, January 04, 2005 6:13 AM
To: RDDP
Subject: [rddp] Terminate message a security threat?

 

To date the security ID doesn't discuss the Terminate Message. It was suggested to me by Mallikarjun as part of his detailed review that since all other messages are discussed, shouldn't Terminate be?

 

In thinking this through, I don't believe this represents any new attacks. If the Remote Peer is sending you a Terminate Message, then that ½ of the Stream is terminated. So he just clobbered himself, but hasn't been able to affect any other connections - thus this is not a security issue. If a third party is able to inject a Terminate Message into the data stream, then it is a spoofing attack. The spoofing attack and mitigations are already discussed. So I think at best the Terminate Message could be added as an example of a spoofing attack, but honestly there are a ton of things the spoofer could do, so I'm not sure I'd revise the draft just to add another example.

 

Does anyone see a hole in my reasoning?

 

 

Jim

 

 

 

 

--
Caitlin Bestler
Director Software Architecture
Siliquent Technologies
caitlinb at siliquent.com
 

_______________________________________________
rddp mailing list
rddp at ietf.org
https://www1.ietf.org/mailman/listinfo/rddp