Hi Martin,
> The attack here is fairly simple: an attacker gets a valid packet and
rewrites the source address (to an address it controls). If that packet
is accepted by the endpoint that receives it, then it will probe toward
the attacker. The attacker needs to rewrite the source address on the
packet it receives so that it elicits a genuine response from the peer.
Then the attacker captures the response and rewrites the source address.
For me, this requires, that cid is used in both directions. If not, the
"elicits" doesn't work, or? If both parties are using CID in order to
signal, that the addresses are changing, my feeling is, this scenario is
not that common. (Even more, it will have anyway troubles, with or
without CID.)
> With this, if the attacker can observe two dropped packets (or cause
them to be dropped somehow). The first probably has to precede a quiet
period that is long enough to complete the process; the latter needs to
contain a probe response. If those conditions can be met, then the
attack can place itself on-path.
"With this" and a "setup, where both peer's addresses will change
dynamically", ....
In my experience, one peer uses a fixed ip-address, while the other one
uses a temporary/dynamic assigned one. Yes, the RFC supports that both
peers are using CID. FMPOV, that's more about that the CID principals
maybe used for both directions (with the risk you point), than that
there are real worlds use-cases on a "both sides dynamic".
> Without a probe on the original path, the attacker doesn't have to
provide a better route than the original. Adding that probe means that
the attacker has to provide a faster and more consistent service, which
looks more like a net gain than an attack.
I see, that in cases, where both sides uses cid and dynamic addresse,
there maybe that manipulation. But, I can't see the attack. Maybe I
oversee something. If the "on path attacker" is installed and that
attacker changes the source of the traffic again in order to attack an
other victim peer, the probe will again protect the victim's new source
from being DDoS'ed.
So, please be more explizit, what the resulting attack would look like?
best regards
Achim Kraus
Am 05.05.21 um 04:45 schrieb Martin Thomson:
I can't claim credit for all of the jankiness in QUIC regarding on-path,
off-path, and friends.
The attack here is fairly simple: an attacker gets a valid packet and rewrites
the source address (to an address it controls). If that packet is accepted by
the endpoint that receives it, then it will probe toward the attacker. The
attacker needs to rewrite the source address on the packet it receives so that
it elicits a genuine response from the peer. Then the attacker captures the
response and rewrites the source address.
With this, if the attacker can observe two dropped packets (or cause them to be
dropped somehow). The first probably has to precede a quiet period that is
long enough to complete the process; the latter needs to contain a probe
response. If those conditions can be met, then the attack can place itself
on-path.
Without a probe on the original path, the attacker doesn't have to provide a
better route than the original. Adding that probe means that the attacker has
to provide a faster and more consistent service, which looks more like a net
gain than an attack.
On Wed, May 5, 2021, at 01:49, Martin Duke wrote:
Hannes,
What you might be missing is that Martin Thomson chose what to me is an
unintuitive definition of off-path attacker. On-path means that you a
router that you can drop a packet. An off-path attacker might be an
observer, which can see the packets, or not. I hope that clears things
up a little bit -- although this is very hard to reason about.
Reading through Section 9.3.3 "Off-Path Packet Forwarding", I noticed that the
attacker needs to be able to
* observe the packets sent by DTLS endpoints in both directions, and
I would argue it needs to only observe from the client (the one
allegedly changing address) to server.
* replay the packets in such a way that they arrive faster than the original
packets send by the DTLS endpoints, and
This is the hardest part. The most plausible way is to purchase a
higher SLA from the service provider than the victim traffic.
* re-write both source and destination IP address to appear like a NAT for both
endpoints.
No, it just needs to rewrite the source address of client->server packets.
Your second and third capabilities would actually defeat the "probe the
original address" countermeasure provided in the draft.
So yes, if the "attacker" is actually a router providing a superior
route to the host, there's nothing you can do.
But the required capabilities are the same for (1) pretending there is
a NAT rebinding where there isn't, and (2) pretending there isn't one
where there is. In both cases, one has to sit between NAT and server,
observe packets, rewrite source IPs, and beat the original packet to
the server.
Martin
On Tue, May 4, 2021 at 6:30 AM Hannes Tschofenig
<hannes.tschofe...@arm.com> wrote:
Hi Martin,
The attack described in Section 9.3.3 of
https://tools.ietf.org/html/draft-ietf-quic-transport-34#section-9.3.3 makes a
lot of assumptions about the attacker.
I am not opposed to adding the recommendation but I want to understand it first
since there is also a price to pay for it (in terms of complexity and
performance). Like elsewhere there is no free lunch.
Reading through Section 9.3.3 "Off-Path Packet Forwarding", I noticed that the
attacker needs to be able to
* observe the packets sent by DTLS endpoints in both directions, and
* replay the packets in such a way that they arrive faster than the original
packets send by the DTLS endpoints, and
* re-write both source and destination IP address to appear like a NAT for both
endpoints.
The last point is needed to ensure that the packet re-routing persists.
IMHO these assumptions hint to an on-path attacker. An on-path attacker (such
as a router) can already today perform a denial of service attack on DTLS
secured communication by dropping all packets.
Ciao
Hannes
-----Original Message-----
From: Martin Duke via Datatracker <nore...@ietf.org>
Sent: Tuesday, April 20, 2021 9:47 PM
To: The IESG <i...@ietf.org>
Cc: draft-ietf-tls-dtls-connection...@ietf.org; tls-cha...@ietf.org; tls@ietf.org;
Joseph Salowey <j...@salowey.net>; j...@salowey.net
Subject: Martin Duke's No Objection on draft-ietf-tls-dtls-connection-id-11:
(with COMMENT)
Martin Duke has entered the following ballot position for
draft-ietf-tls-dtls-connection-id-11: No Objection
When responding, please keep the subject line intact and reply to all email
addresses included in the To and CC lines. (Feel free to cut this introductory
paragraph, however.)
Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about DISCUSS and COMMENT positions.
The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-tls-dtls-connection-id/
----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------
Thanks for this document.
Section 9.3.3 of quic-transport, which deals with basically the same security
model, also requires the receiving endpoint to probe the original address, not
just the new one, to address a somewhat more difficult attack. It would be good
to at least RECOMMEND this behavior for DTLS applications, and/or
(repeat/informatively reference) the logic there.
IMPORTANT NOTICE: The contents of this email and any attachments are
confidential and may also be privileged. If you are not the intended recipient,
please notify the sender immediately and do not disclose the contents to any
other person, use it for any purpose, or store or copy the information in any
medium. Thank you.
_______________________________________________
TLS mailing list
TLS@ietf.org <mailto:TLS%40ietf.org>
https://www.ietf.org/mailman/listinfo/tls
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
