On Sat, 8 Mar 2003, Tim Chown wrote:
On Sat, Mar 08, 2003 at 06:45:15PM +0200, Pekka Savola wrote:
No comments from the w.g. except by me and the author.
RA-piggybacking has a few different nuances, and I'm not sure if I think the one proposed is necessarily the best one, but it's the one group of solutions I'd probably follow up if I wanted to achieve something.
I'd like to see it kept on the table. I appreciate it has security issues, but then all the tabled methods do too?
Actually, the security properties of RA-piggybacking solutions are roughly on the same level as with DHCP and friends, not to mention general connectivity.
The only attack model with RA-piggybacking that might make sense is to inject a spoofed RA containing your rogue DNS servers instead of hijacking all the connectivity. This might be more difficult to notice than all net access being man-in-the-middle -attacked on the link by a node.
But then again, the above case hasn't been mentioned in any analysis I recall (just made it up), so it's difficult to say. I certainly don't feel there are a lot of issues with security in RA-based DNS discovery.
I believe section 6.2.7 of RFC 2461 will help catch this kind of attack. If the routers on the link validate the parameters being sent by other routers in their RA's, the spoofed RA should be detected.
Brian
-------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
