Threats Relating to Transport Layer Protocols Handling Multiple Addresses <draft-ohta-multi6-threats-00.txt>
Masataka Ohta, Tokyo Institute of Technology, mohta@necom830.hpcl.titech.ac.jp

Multihoming and Multiple Addresses
• To not bloat the global routing table
• Sites and small ISPs should have multiple prefixes assigned from their upstreams
• Multiple IP addresses are mapped to a single transport entity, session by session
• The internetworking layer is connectionless
• It cannot support a “session” or its state
• The transport layer takes care of the addresses

Threats Identified
• Connection Hijacking with False Peer Address
• New DDoS Opportunity with False Source Information
• New DoS Opportunity on Identification
• Privacy on Identification
Connection Hijacking with False Peer Address
• Hosts in multihomed sites may be supplied a false peer address by an attacker, which redirects an existing connection to a wrong location
• Not a new threat
• A MITM can rewrite DNS answers
• A MITM can rewrite URLs of HTTP sessions
• Protected by the cookies of transport protocols

New DDoS Opportunity with False Source Information
• Hosts may be used for distributed DoS to damage the rest of the Internet
• DoS amplification is the problem
• Not a new threat
• A DNS reply is often longer than the query
• DoS bandwidth is amplified
• M6 protocols should not send long replies, or many replies, in response to a short query packet

New DoS Opportunity on Identification
• Depending on the way a host is identified, the host may be subject to DoS
• PK cryptography is computationally expensive
• Never perform PK computation (if any) without a cookie exchange
• This is not a protection against MITM
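The three mitigations on the preceding slides (cookies protecting address changes, bounded replies to unvalidated sources, and no public-key work before a cookie exchange) fit into one small state machine. The following is an added example written for this page, not code from the draft or from any multi6 protocol; the JSON message format, the 64-byte INIT padding requirement, the cookie lifetime and the simulated public-key step are all assumptions chosen for illustration.

```python
"""Stateless cookie exchange before costly work, plus authenticated locator updates.
Added example; message formats, sizes and the simulated PK step are assumptions."""
import hashlib
import hmac
import json
import os
import time
from typing import Optional

MIN_INIT_LEN = 64       # assumption: a client must pad INIT so a reply cannot amplify
COOKIE_LIFETIME = 60    # seconds; cookies are bound to the current epoch, no state kept


def wire(msg: dict) -> bytes:
    """Serialize a message; len() of the result is its on-the-wire size."""
    return json.dumps(msg, separators=(",", ":"), sort_keys=True).encode()


def unwire(data: bytes) -> dict:
    return json.loads(data.decode())


class Server:
    def __init__(self, secret: Optional[bytes] = None, now=time.time):
        self.secret = secret or os.urandom(32)   # rotated periodically in practice
        self.now = now
        self.sessions = {}        # session id -> {"key": bytes, "locators": set}
        self.pk_operations = 0    # counts expensive (simulated) PK operations performed

    def _epoch(self) -> int:
        return int(self.now()) // COOKIE_LIFETIME

    def _cookie(self, src_addr: str, epoch: int) -> bytes:
        mac = hmac.new(self.secret, f"{src_addr}|{epoch}".encode(), hashlib.sha256)
        return mac.digest()[:16]

    def handle(self, src_addr: str, data: bytes) -> Optional[bytes]:
        """Process one datagram claiming to come from src_addr; return a reply or None."""
        msg = unwire(data)
        kind = msg.get("type")
        if kind == "INIT":
            # Stage 1: no state, no crypto, no amplification. A forged source only
            # causes a short cookie to be sent to the address it claimed.
            if len(data) < MIN_INIT_LEN:
                return None
            reply = wire({"type": "COOKIE", "cookie": self._cookie(src_addr, self._epoch()).hex()})
            assert len(reply) <= len(data)   # amplification factor <= 1 before validation
            return reply
        if kind == "INIT_ACK":
            # Stage 2: echoing the cookie proves the peer really receives at src_addr.
            try:
                presented = bytes.fromhex(str(msg.get("cookie", "")))
            except ValueError:
                return None
            epoch = self._epoch()
            if not any(hmac.compare_digest(presented, self._cookie(src_addr, e))
                       for e in (epoch, epoch - 1)):
                return None
            self.pk_operations += 1   # only now do the expensive PK work (simulated)
            sid = os.urandom(8).hex()
            key = os.urandom(32)      # simulation shortcut: a real PK exchange derives
            self.sessions[sid] = {"key": key, "locators": {src_addr}}   # this key, it is never sent
            return wire({"type": "ESTABLISHED", "session": sid, "key": key.hex()})
        if kind == "ADD_ADDR":
            # A locator change must prove possession of the session secret; otherwise
            # anyone who knows the session id could redirect the connection.
            sess = self.sessions.get(msg.get("session"))
            if sess is None:
                return None
            new_addr = str(msg.get("addr", ""))
            expected = hmac.new(sess["key"], new_addr.encode(), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected.encode(), str(msg.get("auth", "")).encode()):
                return None
            sess["locators"].add(new_addr)
            return wire({"type": "ADD_ADDR_ACK", "addr": new_addr})
        return None


def handshake(server: Server, client_addr: str) -> dict:
    """Honest client: padded INIT -> COOKIE -> INIT_ACK -> ESTABLISHED."""
    cookie_msg = unwire(server.handle(client_addr, wire({"type": "INIT", "pad": "x" * MIN_INIT_LEN})))
    est = server.handle(client_addr, wire({"type": "INIT_ACK", "cookie": cookie_msg["cookie"]}))
    return unwire(est)


def add_address(server: Server, session: str, key_hex: str, new_addr: str) -> Optional[dict]:
    """Legitimate locator update, authenticated with the session key."""
    auth = hmac.new(bytes.fromhex(key_hex), new_addr.encode(), hashlib.sha256).hexdigest()
    reply = server.handle(new_addr, wire({"type": "ADD_ADDR", "session": session,
                                          "addr": new_addr, "auth": auth}))
    return unwire(reply) if reply else None


def forged_source_inits(server: Server, claimed_addr: str, count: int):
    """Defender-side check: INITs with a forged source must cost no PK work and must
    not send the claimed address more bytes than were received."""
    before = server.pk_operations
    init, sent = wire({"type": "INIT", "pad": "x" * MIN_INIT_LEN}), 0
    for _ in range(count):
        reply = server.handle(claimed_addr, init)
        sent += len(reply) if reply else 0
    return server.pk_operations - before, sent, count * len(init)
```

The cookie is an HMAC over the claimed source address and a coarse timestamp, so the server keeps no per-INIT state and can validate any echoed cookie from the two most recent epochs; a short INIT is dropped outright so the reply can never be larger than what arrived. Once the session exists, the address list is only changed by a message authenticated under the session key, which is what the draft means by "protected by cookies of transport protocols".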
Privacy on Identification
• Depending on the way a host is identified, hosts may not be able to protect their privacy
• IDs should be able to be temporary
• Locators cannot be hidden