yaog wrote:
> -----Original Message-----
> From: marcelo bagnulo braun [mailto:marcelo at it.uc3m.es]
> Sent: January 23, 2009 7:39
> To: Christian Vogt
> Cc: Guang Yao; SAVI Mailing List
> Subject: Re: [savi] Binding establishment based on data or control packets?
>
> Christian Vogt wrote:
>
>> On Jan 22, 2009, marcelo bagnulo braun wrote:
>>
>>> Actually what happens when we design SAVI such that it sends RSOL
>>> packets, is that the RSOL packet acts as a synchronization point, that
>>> can be used by attacker to claim the address ownership and confuse the
>>> SAVI device. In other words, the whole point of a FCFS approach, is that
>>> requests arrive in the natural. If we introduce the RSOL
>>> synchronization, the order is broken and we can hardly tell who is the
>>> first one to request.
>>>
>> Marcelo -
>>
>> The potential issue that an attacker can trick a SAVI device into
>> creating a false binding already exists in FCFS without binding
>> distribution protocol. In that case, false bindings are limited to the
>> SAVI device to which the attacker attaches directly. Why do you think
>> the issue becomes so much worse if a binding distribution protocol
>> enabled the attacker to create a false binding also in other SAVI
>> devices?
>>
>
> cause the difference here is that attacker knows what IP address is a
> valuable target (i.e. the address included in the NSOL msg)
>
> The NSOL msg acts like a call to arms for the attacker to attack that
> address.
>
> I mean, let's focus on the IPv6 case. In IPv6, the attacker cannot
> attack all the addresses cause 2^64 are way too many addresses. So, it
> needs some hint about which address is a good target. Issuing the RSOL
> acts as such.
>
> Note that there is a difference between the attacker replying to the
> NSOL issued by the end host during the DAD and the attacker replying to
> the NSOL issued by a SAVI device. In the case of DAD, if the attacker
> replies, the host will not use that address. However, when the SAVI
> issues the NSOL message, the host is already using the address, so
> blocking the address would imply that the host cannot use the address it
> has configured.
>
> ~Comment Start~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ~Guang:
> 1 We are actually blocking wrong configuration. It is reasonable.
>
> I am not sure I understand; blocking a packet sent by the rightful owner of the address (which is what I described above) is _not_ ok
>
> 2 Letting the packets pass will cause more trouble.
>
> letting pass the packets sent by the rightful owner is the right thing to do
>
> 3 I think it is still a synch problem first.
>
> not sure what you mean
>
> regards, marcelo
> ~ Comment End~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Finally, suppose that the SAVI device actually sends the NSOL, then what
> does the SAVI device do if it receives two NADVs replying?
> I mean, there is no way to tell who is the rightful owner, so what
> should the SAVI device do in that case?
>
> Regards, marcelo
>
>> (I am saying "potential" issue above because the issue can be avoided if
>> the SAVI device knows that the address is already being used elsewhere.)
>>
>> - Christian
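The two binding situations the thread contrasts, modelled as an added example that is not part of the original mail, the SAVI working group's documents or any SAVI implementation. In natural-order FCFS, the first anchor (here a constructed switch port name) seen using an address gets the binding and later claims from other anchors are filtered. When the SAVI device itself sends an NSOL, the replies are synchronized to that solicitation, so their arrival order says nothing about ownership; the `solicit` method below binds only when a single anchor answers and otherwise records a conflict without binding. That conflict handling is an assumption made for illustration, not a resolution the thread proposes; the addresses and port names are constructed.

```python
"""Toy model of a SAVI first-come-first-served (FCFS) binding table.

Constructed illustration: the addresses, anchors ("port1", "port2") and
events are made up, and the conflict handling in solicit() is an
assumption for this example, not behaviour taken from any SAVI document.
"""
from dataclasses import dataclass, field


@dataclass
class SaviDevice:
    # address -> binding anchor (e.g. a switch port) that was seen first
    bindings: dict = field(default_factory=dict)
    # addresses for which solicited replies came back from several anchors
    conflicts: set = field(default_factory=set)

    def on_data_or_nadv(self, address: str, anchor: str) -> str:
        """Natural-order FCFS: the first anchor seen using `address` owns it.

        Returns "bound" (new binding created), "allowed" (packet matches the
        existing binding) or "filtered" (packet from another anchor).
        """
        owner = self.bindings.get(address)
        if owner is None:
            self.bindings[address] = anchor
            return "bound"
        return "allowed" if owner == anchor else "filtered"

    def solicit(self, address: str, replies: list) -> str:
        """Device-originated NSOL for `address`.

        `replies` lists the anchors from which NADVs come back. Because the
        NSOL is a synchronization point, the order of the replies carries no
        ownership information, so this model (assumption) binds only when
        exactly one anchor answers and records a conflict otherwise. An
        existing binding is never overwritten by a solicited reply.
        """
        anchors = set(replies)
        if len(anchors) == 1:
            self.bindings.setdefault(address, anchors.pop())
            return "bound"
        if anchors:
            self.conflicts.add(address)
            return "conflict"
        return "no-reply"


def run_scenarios() -> dict:
    """Replay the two situations discussed in the thread on one device."""
    dev = SaviDevice()
    host, other = "port1", "port2"  # constructed anchors
    results = {}

    # Natural order: the host starts using the address first, a later claim
    # for the same address from another anchor is filtered.
    results["host_first"] = dev.on_data_or_nadv("2001:db8::1", host)
    results["late_claim"] = dev.on_data_or_nadv("2001:db8::1", other)
    results["host_again"] = dev.on_data_or_nadv("2001:db8::1", host)

    # Solicited: the device asks, and two anchors answer. Nothing in the
    # reply order tells the device which one is the rightful owner.
    results["solicited_two_replies"] = dev.solicit("2001:db8::2", [host, other])
    results["unresolved"] = sorted(dev.conflicts)
    results["bindings"] = dict(dev.bindings)
    return results


if __name__ == "__main__":
    for key, value in run_scenarios().items():
        print(f"{key}: {value}")
```

The point the model makes visible is that blocking is safe in the first scenario (the filtered packet cannot be from the binding's owner) but not in the second: with two solicited replies the device has no basis for choosing, and blocking the address would hit a host that is already using it.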
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.