[Last-Call] Re: Rtgdir last call review of draft-ietf-bfd-unaffiliated-echo-11

On Sep 27, 2024, at 4:44 AM, xiao.min2@xxxxxxxxxx wrote:

Section 4, question...

Could an attacker interpose themselves between the two nodes and perform
loopback? Loopback is an easy function with no requirement to generate
any additional security, so it is easier than impersonating a full BFD
implementation.

[XM]>>> In theory it could happen; however, in a real deployment I doubt it would. Currently we have two specific use cases of Unaffiliated BFD Echo: one is between the RG and the IP Edge (as described in Section 6.2.2 of BBF TR-146), the other is between the DC Gateway and a VM on a server (as described in draft-wang-bfd-one-arm-use-case). For these two use cases it seems difficult for an attacker to interpose itself between the two nodes.
As a potentially closing note, unaffiliated BFD PDUs require GTSM procedures validating the TTL. In order for such an attacker to interpose themselves in such a fashion, it would have to be an attacker that appears one IP hop away, typically an on-link attacker.

In such a case, the attack is the expected destination being taken down but the BFD session being kept up.

Unaffiliated BFD can't detect such impostors. BFD using one of the stronger authentications such as SHA-1 will have better resiliency against talking to such impostors. In scenarios where this is a concern, unaffiliated BFD should not be used. Even when stronger BFD authentication is in use, it shouldn't be used as a mechanism to try to provide application-level authentication of the endpoints.

-- Jeff
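An added illustration of the GTSM point in the message above; this is example code written for this page, not code from the draft or from any poster. It assumes Echo packets leave the sender with TTL 255 and that a genuine loopback crosses at most one IP hop, so `SENT_TTL`, `MAX_HOPS`, `EchoPacket` and `classify_echo` are hypothetical names and the exact TTL value the draft mandates is not reproduced here.

```python
from dataclasses import dataclass

SENT_TTL = 255   # GTSM: Echo packets leave this node with the maximum TTL
MAX_HOPS = 1     # assumption: a genuine loopback crosses one IP hop at most


@dataclass(frozen=True)
class EchoPacket:
    ttl: int         # IP header TTL / Hop Limit as received
    payload: bytes   # echo payload as received


def hops_traversed(ttl: int) -> int:
    """Routers that decremented the TTL since the packet left this node."""
    return SENT_TTL - ttl


def classify_echo(pkt: EchoPacket, sent_payload: bytes) -> str:
    """GTSM screening of a received echo: 'accept', 'drop:ttl' or 'drop:payload'.

    The TTL test only bounds the reflector to on-link distance. An on-link
    host that copies the echo back verbatim is indistinguishable from the
    real neighbour, which is the limitation the thread discusses.
    """
    if pkt.ttl > SENT_TTL or hops_traversed(pkt.ttl) > MAX_HOPS:
        return "drop:ttl"
    if pkt.payload != sent_payload:
        return "drop:payload"
    return "accept"


def demo() -> dict:
    """Classify constructed packets; every value below is made up."""
    sent = b"\x20\xc0\x03\x18\x00\x00\x10\x01"  # opaque echo payload we sent
    cases = {
        "neighbour_loopback": EchoPacket(254, sent),            # real neighbour
        "on_link_forgery":    EchoPacket(254, sent),            # same TTL, same bytes
        "multi_hop_reflect":  EchoPacket(61, sent),             # far-away reflector
        "tampered_payload":   EchoPacket(254, sent[:-1] + b"\xff"),
    }
    return {name: classify_echo(p, sent) for name, p in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} {verdict}")
```

The two `accept` verdicts for the neighbour and the on-link forgery are the point: TTL validation limits who can reflect, but cannot tell a live neighbour from an on-link host that loops the packet unchanged.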

-- 
last-call mailing list -- last-call@xxxxxxxx