Jack Kohn writes:
>
> > >> I also think that we need to mention that this does open up a window
> > >> for DoS attacks as explained in the above post in the Security
> > >> Considerations section.
> >
> > What DoS attack are you talking about? If you can provide me some text I can
> > put in the draft, I am happy to do so, but anyway I would first need to
> > know which DoS attack you are talking about.
>
> I think there is some text wrt "cache thrashing" which will require
> re-execution of the heuristics engine. An attack exploiting this can
> result in a DoS attack.
You mean that an attacker sends packets which cause the deep inspection engine below the heuristics to think that this is no longer a clear-text flow, and then asks for the heuristics to be rerun for the flow?

Usually it is much easier to attack the deep inspection engine itself, as it stores much more context and is much heavier than the heuristics itself. Also, the attack requires the deep inspection engine to work in some way, and the deep inspection engine's behavior is out of scope for the heuristics draft. Section 6 talks a bit about how the deep inspection engine can detect SA reuse (or this attack), but it just gives some examples of what could be done, and does not specify exact behavior.

If you have some specific text you think describes the attack, I can add that to the document.
--
kivi...@iki.fi
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
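Added example, not code from the draft or from either participant in this thread: a Python sketch of the two pieces the exchange is about, a toy ESP-NULL heuristic in the spirit of the draft (try each candidate ICV length, check the ESP trailer's pad length, padding pattern and next header, then run a cheap plausibility check on the inner header) and a per-SA verdict cache that the deep inspection engine can ask to invalidate. `simulate_attack` plays the cache-thrashing scenario: each time the inspection engine reports that the flow no longer parses as plaintext the cached verdict is dropped and the heuristic runs again, so the attacker pays one packet per forced re-run. The `rerun_budget` that pins the SA to "encrypted" after too many flips is an illustrative countermeasure of my own, not behavior the draft specifies; the packets, addresses and SPI are constructed, and the next-header set and ICV length list are assumptions.

```python
"""Toy ESP-NULL heuristic with a per-SA verdict cache and a bounded re-run budget."""
import struct

ESP_HEADER_LEN = 8  # SPI (4 bytes) + sequence number (4 bytes)
# Candidate ICV lengths, tried in order (HMAC-SHA1-96/MD5-96/AES-XCBC-96 = 12,
# HMAC-SHA-256-128 = 16, HMAC-SHA-384-192 = 24, HMAC-SHA-512-256 = 32).
ICV_LENGTHS = (12, 16, 24, 32)
# Next-header values accepted as plausible plaintext (assumption for this example).
PLAUSIBLE_NEXT_HEADERS = {1, 6, 17, 41, 47, 58}


def _inner_header_plausible(next_header, inner):
    """Cheap sanity checks on the supposed plaintext inner header."""
    if next_header == 6:   # TCP: full header, data offset >= 5 words, reserved bits zero
        if len(inner) < 20:
            return False
        data_offset = inner[12] >> 4
        return data_offset >= 5 and (inner[12] & 0x0E) == 0 and len(inner) >= data_offset * 4
    if next_header == 17:  # UDP: length field must match the bytes actually present
        return len(inner) >= 8 and struct.unpack("!H", inner[4:6])[0] == len(inner)
    return True            # other protocols: trailer checks only


def esp_null_heuristic(packet):
    """Return (icv_len, next_header) if the ESP packet looks like ESP-NULL, else None."""
    for icv_len in ICV_LENGTHS:
        trailer_end = len(packet) - icv_len  # pad length and next header sit just before the ICV
        if trailer_end < ESP_HEADER_LEN + 2:
            continue
        pad_len, next_header = packet[trailer_end - 2], packet[trailer_end - 1]
        if next_header not in PLAUSIBLE_NEXT_HEADERS:
            continue
        pad_start = trailer_end - 2 - pad_len
        if pad_start < ESP_HEADER_LEN:
            continue
        # RFC 4303 default padding is the monotonic byte sequence 1, 2, 3, ...
        if packet[pad_start:trailer_end - 2] != bytes(range(1, pad_len + 1)):
            continue
        if _inner_header_plausible(next_header, packet[ESP_HEADER_LEN:pad_start]):
            return icv_len, next_header
    return None


class FlowCache:
    """Caches one verdict per SA so the heuristic runs once per flow, not per packet.

    The deep inspection engine may ask for a re-run when the plaintext stops parsing.
    rerun_budget bounds how often that is honoured per SA: otherwise an attacker who
    keeps flipping the flow forces the heuristic to run on every flip (the
    cache-thrashing DoS discussed in the thread). The budget is an illustrative
    countermeasure, not behaviour the draft specifies."""

    ENCRYPTED = "encrypted"

    def __init__(self, rerun_budget=3):
        self.rerun_budget = rerun_budget
        self.verdicts = {}       # (src, dst, spi) -> verdict
        self.reruns = {}         # (src, dst, spi) -> number of re-runs honoured
        self.heuristic_runs = 0  # total cost counter

    def classify(self, flow, packet):
        if flow not in self.verdicts:
            self.heuristic_runs += 1
            result = esp_null_heuristic(packet)
            self.verdicts[flow] = ("esp-null",) + result if result else self.ENCRYPTED
        return self.verdicts[flow]

    def request_rerun(self, flow):
        """Deep inspection engine reports that the flow no longer parses as plaintext."""
        self.reruns[flow] = self.reruns.get(flow, 0) + 1
        if self.reruns[flow] > self.rerun_budget:
            # Over budget: stop paying for heuristics on this SA and skip inspection.
            self.verdicts[flow] = self.ENCRYPTED
            return False
        self.verdicts.pop(flow, None)
        return True


def build_esp_null_tcp(spi, seq, payload=b"", icv_len=12):
    """Constructed sample ESP-NULL packet carrying a TCP SYN (not captured traffic)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0) + payload
    pad_len = (-(len(tcp) + 2)) % 4  # align pad length + next header to a 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, 6])
    return struct.pack("!II", spi, seq) + tcp + trailer + b"\x00" * icv_len


def build_opaque(spi, seq, length=48):
    """Constructed sample that looks encrypted: no plausible trailer at any ICV offset."""
    return struct.pack("!II", spi, seq) + b"\xff" * length


def simulate_attack(flips, rerun_budget):
    """Attacker flips the inspected flow between plaintext-looking and not, `flips` times."""
    cache = FlowCache(rerun_budget)
    flow = ("192.0.2.1", "198.51.100.7", 0x1000)  # constructed addresses and SPI
    packet = build_esp_null_tcp(0x1000, 1)
    cache.classify(flow, packet)
    for _ in range(flips):
        cache.request_rerun(flow)
        cache.classify(flow, packet)
    return cache.heuristic_runs, cache.verdicts[flow]


if __name__ == "__main__":
    print("unbounded:", simulate_attack(100, rerun_budget=10**9))
    print("budget 3: ", simulate_attack(100, rerun_budget=3))
```

With an unbounded budget the heuristic runs 101 times for 100 flips; with a budget of 3 it runs four times and the SA is then treated as encrypted, which is the trade-off Tero's point implies: the attacker can only move the expensive work onto the deep inspection engine, whose own handling of SA reuse is what section 6 leaves to the implementation.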