On 4/6/2012 2:10 PM, Murphy, Sandra wrote:
So where's the dos attack?
(Do note that the bgpsec signatures would detect this at the first point that
checked the signatures, so your neighbor would have spotted the injection -
unless it was the source of the injection.)
So I think I finally see what Shane's getting at. Let's say:
- I'm a bad actor (A)
- Bob is my neighbor (B)
- Charlie is Bob's neighbor (C)
A is trying to cause B and C to have different views of the world. In
addition, we must assume:
- B's router ignores AS_PATH and just uses BGPSEC_Path_Signature
- C's router checks both AS_PATH and BGPSEC_Path_Signature
As the bad actor, A injects C into the AS_PATH (malicious), but
processes BGPSEC_Path_Signature normally, and sends the update to B.
- B verifies BGPSEC_Path_Signature only, passes it to C
- C detects a loop in AS_PATH and drops the update
A has just caused B to accept an update while simultaneously causing C
to drop it silently. While not a very strong attack (B could always
filter the route anyway), I could imagine it being a starting point for
causing confusion.
This is solved by prescribing that AS_PATH/AS4_PATH is ignored when
BGPSEC is enabled, but Shane has a good point that we might need to
coordinate with IDR on this. I defer to the WG chairs on that coordination.
-Andrew
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr