North American Network Operators Group

Re: Kiss-o'-death packets?
On Mon, 6 Oct 2003 [email protected] wrote:

> The problem with a 'kiss-o-death' packet is that it needs to be authenticated.
> Otherwise, you can use spoofed packets to DoS somebody. How many lines are in
> your root-DNS hints? And even if we insist on the KoD packet having the query
> ID in it, that's a TINY address space. I can even feed you spam to force you
> to hit the DNS, trickle you some forged KoD packets, and within a day or so
> make you refuse to talk to any of the root nameservers... (Note that TCP
> connections are a lot more easily dealt with, as the 3-packet handshake adds a
> lot to the security. However, Wesel's numbers on "98% of the root DNS traffic
> is bogus" indicate that we really need this on the UDP side of the fence as
> well....)

That's why I mentioned the 4-way handshake, and the need for it in many
different protocols. It's authenticated based on the end-to-end communication,
but not on a higher authority (e.g. PKI). Man in the middle attacks exist, but
MITM could disrupt the communications anyway.

Phase I

  Send IP packet ->
                              <- ICMP GoAway + nonce + header&64 bytes of packet
  Match sent IP packet?
    No -> Ignore
    Duplicate -> Ignore (i.e. received a reply from the "real" host)
    Yes -> Sender is now informed of the possible problem

Phase II

The next phase could be TCP, UDP, SSL, whatever. I made it ICMP for
simplicity. In phase II the source (or edge or firewall) confirms the
intention/desire of the destination host to drop the unwanted packets.

  Send ICMP Block + nonce + header&64 bytes of ICMP GoAway ->
                              Match sent ICMP GoAway?
                                No -> Reply no block
                                Yes -> Reply with block code
                              <- ICMP Block Reply + header&64 bytes of ICMP Block
                                 Code (no block, host, protocol, port, source)
  Match sent ICMP Block?
    No -> Ignore
    Yes
      No block -> Ignore
      Block host, protocol, port or source ->
        Locally respond to future packets to host/protocol/port/source
        as Destination Unreachable
        Set dampening timer, remove block when expires
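The two-phase exchange sketched above, as an added simulation that is not part of the original post: each endpoint keeps the echo prefix of what it sent, so a GoAway, Block or Block Reply that echoes nothing the receiver sent (forged, or a duplicate) is ignored, and only a matching positive reply installs a local, dampened block. The nonce length, the numeric block codes and the dampening interval are assumptions; the post gives none of them.

```python
import secrets

ECHO = 64        # the proposal echoes the header plus 64 bytes of the message answered
NONCE = 8        # nonce length: an assumption, the post gives no size
NO_BLOCK, BLOCK_HOST = 0, 1   # block codes: assumed values; post also lists proto/port/src
DAMPEN = 600     # dampening timer in seconds: an assumption


class Endpoint:
    """Source or destination; remembers the echo prefix of every message it sent."""

    def __init__(self):
        self.sent = {}     # first ECHO bytes of a message we sent -> its stage
        self.blocks = {}   # blocked host -> time the dampening timer expires

    def _remember(self, msg, stage):
        self.sent[msg[:ECHO]] = stage
        return msg

    # Phase I, source: an ordinary packet goes out and is recorded for matching.
    def send_packet(self, pkt):
        return self._remember(pkt, "packet")

    # Phase I, destination: GoAway = nonce + echo of the unwanted packet.
    def goaway(self, pkt):
        return self._remember(secrets.token_bytes(NONCE) + pkt[:ECHO], "goaway")

    # Phase I, source: accept a GoAway only if it echoes a packet we sent, and
    # only once; a forged or duplicate GoAway is ignored (returns None).
    def on_goaway(self, ga):
        echo = ga[NONCE:NONCE + ECHO]
        if self.sent.get(echo) != "packet":
            return None
        self.sent[echo] = "informed"
        # Phase II: Block = nonce + echo of the GoAway being confirmed.
        return self._remember(ga[:NONCE] + ga[:ECHO], "block")

    # Phase II, destination: confirm only if the Block echoes a GoAway we sent.
    def on_block(self, blk):
        echo = blk[NONCE:NONCE + ECHO]
        code = BLOCK_HOST if self.sent.pop(echo, None) == "goaway" else NO_BLOCK
        return bytes([code]) + blk[:ECHO]

    # Phase II, source: install a block only for a matching, positive reply.
    def on_block_reply(self, reply, host, now):
        if self.sent.pop(reply[1:1 + ECHO], None) != "block" or reply[0] == NO_BLOCK:
            return False
        self.blocks[host] = now + DAMPEN
        return True

    # Later packets to a blocked host are answered locally until the timer expires.
    def deliver(self, host, now):
        if host in self.blocks and now < self.blocks[host]:
            return "Destination Unreachable"
        self.blocks.pop(host, None)
        return "forward"
```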