Opened 9 years ago

Closed 8 years ago

#58 closed technical (fixed)

LISP breaking RPF and used as anonymization service (from Y. Rekhter's review)

Reported by: luigi@…
Owned by:
Priority: major
Component: draft-ietf-lisp
Severity: -
Keywords:
Cc:

Description (last modified by luigi@…)

This is Comment 43

Section 12

There are many comments above that relate to security. Grep for
"security" or "attack". Other possible issues that come to mind that
should be explored here are whether LISP breaks RPF, and whether the
ubiquitous tunneling infrastructure could be reused as a botnet
anonymization service.

Change History (4)

comment:1 Changed 9 years ago by luigi@…

  • Description modified (diff)

comment:2 Changed 9 years ago by yakov@…

  • Priority changed from minor to major

The draft authors asked me to "elaborate and clarify" my concerns.

I'd like the draft to explicitly spell out how uRPF will work in the presence of LISP.

I also would like the draft to explicitly spell out whether the ubiquitous tunneling infrastructure used by LISP could be reused as a botnet anonymization service, and if yes, then what are the mechanism(s) to prevent this from happening.

comment:3 Changed 8 years ago by luigi@…

  • Resolution set to fixed
  • Status changed from new to resolved

The issue has been fixed in version -12 of the draft as described in section B.1:

  • Tracker item 58. Added last paragraph of Security Considerations section about how to protect inner header EID address spoofing attacks.

comment:4 Changed 8 years ago by luigi@…

  • Status changed from resolved to closed