Attacks on the Internet mapping system are generally considered quite serious. Many higher layers distinguish between on-path and off-path attacks, so the ability to change the topology so that you, as an attacker, are on-path is valuable. Similarly, ingress and egress filtering establish security barriers that help prevent attacks, so being able to attack the mapping system and change the topology to appear to be inside a particular address range can be valuable. See RFC 3552 section 3.4.

Today's Internet mapping system involves several components:
* ARP or Neighbor Discovery handles on-link mapping.
* The local IGP (OSPF, IS-IS, etc.) handles mapping within an organization.
* BGP handles global Internet mapping.

In general, ARP and ND are fairly easy to attack in most environments. As a result, it is often possible for one node on a link to attack the mapping system and receive packets destined for another node on the link. In addition, some link types allow every node on a link to observe packets.

However, some environments do require mechanisms to protect against these attacks; RFC 3971 specifies mechanisms to protect Neighbor Discovery. The mechanisms for protecting ARP are more ad hoc and typically focus more on configuration choices than on a cryptographic protocol, but they do exist and are important in some environments.
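As an added example (not part of the original text), the following monitor shows the kind of configuration-based ARP protection the paragraph refers to: it watches a stream of ARP observations, learns IP-to-MAC bindings, and reports a binding change for an address that is already known. Bindings for critical hosts such as the default gateway can be pinned statically, and any ARP reply that contradicts a static binding is reported at higher severity. The log format, the addresses and the MACs below are constructed for the example.

```python
"""Detect IP-to-MAC binding changes in a stream of ARP observations.

Added example with constructed input. An ARP packet that binds an IP
address already known under a different MAC is the classic symptom of
on-link mapping attacks (or, benignly, a replaced NIC). Static bindings
for critical hosts model the configuration-based protections mentioned
in the text: a conflict with a static entry is a high-severity event.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional


@dataclass
class ArpObservation:
    ts: float
    op: str          # "reply" or "request"; both carry a sender binding
    sender_ip: str
    sender_mac: str


@dataclass
class Alert:
    ts: float
    ip: str
    old_mac: str
    new_mac: str
    severity: str    # "high" for static-binding conflicts, "medium" otherwise


@dataclass
class ArpMonitor:
    static: Dict[str, str] = field(default_factory=dict)   # ip -> authoritative mac
    learned: Dict[str, str] = field(default_factory=dict)  # ip -> last seen mac
    alerts: List[Alert] = field(default_factory=list)

    def observe(self, obs: ArpObservation) -> Optional[Alert]:
        ip, mac = obs.sender_ip, obs.sender_mac.lower()
        # A static binding is authoritative: any differing claim is a conflict
        # and must not overwrite what we believe about this address.
        if ip in self.static and self.static[ip] != mac:
            alert = Alert(obs.ts, ip, self.static[ip], mac, "high")
            self.alerts.append(alert)
            return alert
        prev = self.learned.get(ip)
        self.learned[ip] = mac
        if prev is not None and prev != mac:
            alert = Alert(obs.ts, ip, prev, mac, "medium")
            self.alerts.append(alert)
            return alert
        return None


def parse_line(line: str) -> ArpObservation:
    """Parse a constructed log line: '<ts> <op> <sender_ip> <sender_mac>'."""
    ts, op, ip, mac = line.split()
    return ArpObservation(float(ts), op, ip, mac)


def run(lines: Iterable[str], static: Dict[str, str]) -> List[Alert]:
    """Feed log lines through a fresh monitor and return the alerts raised."""
    mon = ArpMonitor(static={k: v.lower() for k, v in static.items()})
    for line in lines:
        mon.observe(parse_line(line))
    return mon.alerts


# Constructed sample: 192.0.2.1 is the gateway, pinned statically.
STATIC_BINDINGS = {"192.0.2.1": "aa:aa:aa:aa:aa:01"}
SAMPLE_LOG = [
    "1.0 reply   192.0.2.1  aa:aa:aa:aa:aa:01",   # gateway, matches static entry
    "2.0 reply   192.0.2.10 aa:aa:aa:aa:aa:10",   # host learned
    "3.0 request 192.0.2.11 aa:aa:aa:aa:aa:11",   # another host learned
    "4.0 reply   192.0.2.1  aa:aa:aa:aa:aa:11",   # .11 claims the gateway IP -> high
    "5.0 reply   192.0.2.10 aa:aa:aa:aa:aa:11",   # .11 claims .10's IP -> medium
    "6.0 reply   192.0.2.10 aa:aa:aa:aa:aa:11",   # unchanged since last alert
]

if __name__ == "__main__":
    for a in run(SAMPLE_LOG, STATIC_BINDINGS):
        print(f"{a.ts:>5} {a.severity:<6} {a.ip}: {a.old_mac} -> {a.new_mac}")
```

Only the first change of a binding is reported; a repeated claim of the same new MAC (the last sample line) is silent, which keeps a persistent spoofer from flooding the alert log while still recording the transition.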

It's generally easy for an attacker who compromises a router to compromise the mapping system, at least within a limited domain. There is work under way in the SIDR working group to look at reducing the trust placed in each router, but that is fairly long-term work. In LISP terms, this probably means that:
* At least for now, compromising a LISP+ALT router may compromise the mapping system.
* Compromising an ETR may compromise mapping to the EID prefixes served by that ETR.

However, ETRs should not be trusted so much that compromising one ETR leads to compromising the mapping of unrelated EID prefixes, just as compromising most customer site routers does not involve compromising mapping of addresses belonging to other customers.
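The limit on ETR trust described above can be enforced at the map server that accepts registrations. The following is an added example, not part of the original text or of any LISP implementation: each ETR shares a key with the map server and is authorized only for specific EID prefixes, and a registration is accepted only if it authenticates under that ETR's key and the registered prefix falls within the ETR's authorized prefixes. This follows the per-ETR shared-key idea of RFC 6833, but the message layout, field names, keys and addresses are constructed for illustration and are not the LISP wire format.

```python
"""Map-server side check: an ETR may only register mappings for the EID
prefixes it is authorized for.

Added example. A compromised ETR can still register bogus RLOCs for its
own prefixes (the text says as much), but it cannot redirect traffic for
another customer's EID prefix, because the map server checks both the
shared key and the prefix authorization before installing a mapping.
Keys, identifiers and addresses are constructed placeholders.
"""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class MapRegister:
    etr_id: str
    eid_prefix: str
    rlocs: Tuple[str, ...]
    mac: bytes            # HMAC over the registration, keyed per ETR


@dataclass
class EtrAuthorization:
    key: bytes
    allowed_prefixes: Tuple[str, ...]


def _payload(etr_id: str, eid_prefix: str, rlocs: Tuple[str, ...]) -> bytes:
    # Constructed canonical encoding of the fields covered by the HMAC.
    return f"{etr_id}|{eid_prefix}|{','.join(rlocs)}".encode()


def build_register(etr_id: str, key: bytes, eid_prefix: str,
                   rlocs: Tuple[str, ...]) -> MapRegister:
    """What an ETR sends: the mapping plus an HMAC under its shared key."""
    mac = hmac.new(key, _payload(etr_id, eid_prefix, rlocs), hashlib.sha256).digest()
    return MapRegister(etr_id, eid_prefix, rlocs, mac)


class MapServer:
    def __init__(self, authz: Dict[str, EtrAuthorization]) -> None:
        self.authz = authz
        self.mappings: Dict[str, Tuple[str, ...]] = {}   # eid prefix -> rlocs

    def register(self, msg: MapRegister) -> Tuple[bool, str]:
        auth = self.authz.get(msg.etr_id)
        if auth is None:
            return False, "unknown ETR"
        expected = hmac.new(auth.key, _payload(msg.etr_id, msg.eid_prefix, msg.rlocs),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg.mac):
            return False, "bad authentication"
        eid = ipaddress.ip_network(msg.eid_prefix)
        # The registered prefix must be inside one of this ETR's authorized
        # prefixes; a more-specific inside the authorized range is allowed.
        allowed = (ipaddress.ip_network(p) for p in auth.allowed_prefixes)
        if not any(eid.version == p.version and eid.subnet_of(p) for p in allowed):
            return False, "EID prefix not authorized for this ETR"
        self.mappings[str(eid)] = msg.rlocs
        return True, "ok"


# Constructed authorization table: two customers, one ETR each.
KEYS = {"etr-a": b"constructed-key-a", "etr-b": b"constructed-key-b"}
AUTHZ = {
    "etr-a": EtrAuthorization(KEYS["etr-a"], ("203.0.113.0/24",)),
    "etr-b": EtrAuthorization(KEYS["etr-b"], ("198.51.100.0/24",)),
}

if __name__ == "__main__":
    ms = MapServer(AUTHZ)
    # Legitimate: etr-a registers a more-specific of its own prefix.
    print(ms.register(build_register("etr-a", KEYS["etr-a"], "203.0.113.0/25", ("192.0.2.1",))))
    # Compromised etr-b tries to take over customer A's prefix with its own valid key.
    print(ms.register(build_register("etr-b", KEYS["etr-b"], "203.0.113.0/24", ("192.0.2.2",))))
    # Someone without etr-b's key tries to register etr-b's prefix.
    print(ms.register(build_register("etr-b", b"wrong-key", "198.51.100.0/24", ("192.0.2.2",))))
    print(ms.mappings)
```

The authentication check runs before the prefix check so that an unauthenticated message never influences the result, and `hmac.compare_digest` is used for the comparison so that a rejected registration leaks nothing about how close the forged tag was.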