Jeff, you mention below that NULL auth with sequence numbers is impractical to
use for optimizing authentication. I agree that NULL auth doesn't help with an
active attacker, but it still gives protection against "random" attacks? ISAAC
works for active attacks but I don't understand why no-auth still works,
no-auth is weaker than NULL auth: you don't need to be an active attacker to
knock over a session with no-auth?
Regards,Reshad.
On Tuesday, February 6, 2024, 08:56:44 AM EST, Jeffrey Haas
<jh...@pfrc.org> wrote:
My thought over first cup of caffeine for the morning: You can have an active
attacker attack a session using NULL auth and knock over a BFD session. This
is counter to the usual "silly" attack of keeping BFD Up.
Presume the session is in the Up state between A and B and using NULL auth.
The current expected sequence number at A from B is 100.
An active attacker, seeing that 100 is the sequence number, spoofs packets
rapidly in order 101..200.
Sequence number procedures are, tersely, "accept the larger sequence number as
long as it's bigger". Presume that some portion of that spray of packets gets
through and moves the sequence number > 100 + 3 before B would have sent
sequence 101.
B then continues happily sending the meticulously increasing packets, 101, 102,
103. These packets are discarded because the sequence number is under the
"last seen" sequence number.
The session drops.
I don't believe there is any mitigation against this attack in NULL auth.
The impacts of this, if so:
1. NULL auth and using the sequence numbers becomes impractical to use for
optimizing authentication procedures. ISAAC and no-auth still work.
2. BFD stability really wants that increasing sequence number. This leads to
using either meticulous types from the strong authentication mechanisms, or
ISAAC.
Counter observation 1: Stability doesn't really care about the sequence numbers
from a security standpoint, just a dropped packet standpoint. The attack
against stability if the sequence numbers aren't used for authentication of the
session to drop the session is to trigger an "unstable" event and whatever
trigger might be tied to that mechanism as a client.
Counter observation 2: If the sequence numbers are ignored as a mechanism for
taking the session down, you can't use it to prevent PITM attacks, but it's no
worse than no-auth. The periodic strong authentication becomes more important.
-- Jeff
