The MPLS WG Archive[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index][Thread Index][Author Index][Subject Index] Security issue re draft-ietf-mpls-in-ip-or-gre-07
On Mon, 22 Mar 2004, Bora Akyol wrote: > I don't think so, destination address is the only field in the IP > header that really matters. That is, if one forges the src address > that can be used as a check, but that is about it, if one is doing > destination address checks, we are checking against the only field > in the ip header that matters. In other words, if the DA field is > forged, do you really care. The attacker must set the DA correctly > so that they can inject packets into the MPLS LSP that terminates at > that router. > > This is precisely why source address checking is a weak form of > security whereas destination addr based filtering is not. I don't think you understand the context and the operational assumption in which source based checking is performed. Assume that you have network using prefix 1.1.0.0/16. You run IP/GRE tunneling internally. At your borders, you check that 1.1.0.0/16 is not used as a source address for packets entering your network; these kind of checks are already commonplace (and should be more so). At the IP/GRE decapsulator, you check that the source address is the correct end-point address. This results to a practically unspoofable IP/GRE when run it internally, within 1.1.0.0/16. When you run it over your borders, this is trickier -- but the result is basically the same as you'd have with destination based checking; you'll have to ensure that (more or less) your peers and guys on the path are also doing some form of filtering. (Destination based checking doesn't help you at all here.) -- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
|
|