The initiator cannot validate the cookie - it is an opaque blob for him. Should he reject the cookie if its length is more than 64 bytes? Possibly. I don't know. It's a bit strange to check an opaque object…

It’s an opaque object that the RFC says should be up to 64 bytes.

I know that. However, it doesn't make this check less strange for me. In my opinion this restriction is mostly for a responder, who generates a cookie.

What about the responder - he doesn't see any cookie in this attack - the attacker sends the crafted cookie only to the initiator and sends a crafted IKE_SA_INIT message w/o cookie to the responder (as far as I understand the attack).

There is a cookie. See Figure 12 in Paul’s blog post:
https://securityblog.redhat.com/2016/01/13/the-sloth-attack-and-ikeipsec/

Ah, you are right. I missed that in a quick read.

After a second read it seems to me that there is one more obstacle to that attack in the real world. It seems that the attacker appends the original initiator's SAi, KEi, Ni payloads to its message sent to the responder (as info`). So, this message would contain two SA payloads, two KE payloads etc. I believe the responder must return INVALID_SYNTAX in this case.

The responder accepts a cookie that it never sent. It doesn’t check the cookie because there is, in fact, no DoS attack. That seems wrong.

Agreed. The proper action would be to request another cookie.
And in this case the attack would fail.

Yoav

Regards,
Valery.
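The responder-side check that the thread ends up agreeing on, as an added Python example (not code from the thread or from any IKE implementation): it assumes the stateless cookie construction that RFC 7296 section 2.6 suggests (a version byte followed by a keyed hash over Ni, IPi and SPIi), so a cookie the responder never issued, or one longer than 64 octets, leads to a fresh COOKIE request instead of being accepted.

```python
import hashlib
import hmac
import secrets

MAX_COOKIE_LEN = 64  # RFC 7296 sec. 2.6: cookie data is at most 64 octets


class CookieResponder:
    """Stateless IKEv2 responder cookies.

    Assumed layout: VersionID (1 byte) || HMAC-SHA256(secret, Ni || IPi || SPIi).
    The previous secret is kept after a rotation so cookies issued just
    before the rotation still verify; older ones are rejected.
    """

    def __init__(self) -> None:
        self._version = 0
        self._secrets = {0: secrets.token_bytes(32)}

    def rotate_secret(self) -> None:
        old = self._version
        self._version = (old + 1) & 0xFF
        self._secrets = {self._version: secrets.token_bytes(32), old: self._secrets[old]}

    def _mac(self, version: int, ni: bytes, ipi: bytes, spii: bytes) -> bytes:
        return hmac.new(self._secrets[version], ni + ipi + spii, hashlib.sha256).digest()

    def make_cookie(self, ni: bytes, ipi: bytes, spii: bytes) -> bytes:
        return bytes([self._version]) + self._mac(self._version, ni, ipi, spii)

    def check_cookie(self, cookie: bytes, ni: bytes, ipi: bytes, spii: bytes) -> bool:
        """True only if this responder issued the cookie for exactly these fields."""
        if len(cookie) < 2 or len(cookie) > MAX_COOKIE_LEN:
            return False
        version = cookie[0]
        if version not in self._secrets:  # unknown or expired secret version
            return False
        return hmac.compare_digest(cookie[1:], self._mac(version, ni, ipi, spii))

    def handle_ike_sa_init(self, cookie, ni: bytes, ipi: bytes, spii: bytes) -> str:
        """Decision for an incoming IKE_SA_INIT: PROCEED, ACCEPT or REQUEST_COOKIE."""
        if cookie is None:
            return "PROCEED"  # no cookie: normal path (or demand one when under load)
        if self.check_cookie(cookie, ni, ipi, spii):
            return "ACCEPT"
        # A cookie we never sent carries no DoS evidence: ask for a fresh one.
        return "REQUEST_COOKIE"
```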