ietf-asrg

RE: pros and cons of RMX (Re: [Asrg] Declaration to the world)

2003-03-07 14:32:29
If an attacker fails when spoofing foo.com they can turn
around and spoof bar.com.  If that fails too, they can keep
trying until they manage to get something cached.  

This attack is very easily prevented.

It has only a chance of 1 in 2^16 of succeeding per spoofing
try.

The DNS client can very easily detect attempts at spoofing.
It simply keeps a record of unsolicited DNS responses.

So if the DNS client receives 10 unsolicited responses for 
xyz.com the client simply notes that it is under attack from
a party wanting to spoof that address.

So the probability of success with that threshold is 1 in 6636.


You always know where to spoof.  You send the packets at
the SMTP server, since that's the machine that's going to
make a request of its server.  

That is not going to work. The SMTP server knows what the
address of its DNS server is. You may know the destination
address but you don't know the source.

If it is an issue you can secure the DNS client/server 
connection using TSIG.


I do not find this attack to be persuasive. I might have
concerns if we were considering a cryptographic protocol
intended to provide robust confidentiality and integrity.
However for our particular application the perfect is going
to be the enemy of the good.

The IETF has not been particularly good at designing security
protocols. The only two major successes, Kerberos and SSL were
both developed and deployed successfully before being brought
to the IETF. Internally developed security protocols have 
tended to fall victim to requirements bloat leading to
protocols that are too inflexible to deploy.

For example we could have easily provided a useful degree of
security in SMTP by simply incorporating a certificateless
DH key exchange to secure the connection. That idea was squashed
as there is a man-in-the-middle vulnerability so we have had
NOTHING instead - until people started to use STARTTLS in a
configuration that is actually vulnerable to that same MITM 
attack.


All we have to do to defeat spam is to reduce the probability 
of success to 1 in 100 or so and the spam sender costs are
toast. We have a technology already designed and deployed in
100 million clients that reduces the probability of success
to 1 in 2^128 - S/MIME. Only it is not going to provide a 
solution at current deployment rates.

                Phill 
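
The detection rule described in the message above (count unsolicited DNS responses per name and flag the name at a threshold of 10), as an added example that is not part of the original post. The class and method names, the documentation-range IP addresses, the sample traffic and the "requery" policy are assumptions made for illustration.

```python
from collections import Counter

class SpoofDetector:
    """Counts DNS responses that match no outstanding query, per queried name."""

    def __init__(self, resolver_ip, threshold=10):  # 10 is the message's figure
        self.resolver_ip = resolver_ip
        self.threshold = threshold
        self.pending = set()          # (txid, qname) for queries in flight
        self.unsolicited = Counter()  # qname -> unmatched responses seen
        self.under_attack = set()     # names that reached the threshold

    def sent_query(self, txid, qname):
        self.pending.add((txid, qname.lower()))

    def on_response(self, src_ip, txid, qname):
        """Classify one response as 'accept', 'drop' or 'requery'."""
        qname = qname.lower()
        if src_ip != self.resolver_ip or (txid, qname) not in self.pending:
            self.unsolicited[qname] += 1
            if self.unsolicited[qname] >= self.threshold:
                self.under_attack.add(qname)
            return "drop"
        self.pending.discard((txid, qname))
        if qname in self.under_attack:
            # Assumed policy: a match during a flood may be a lucky guess,
            # so do not cache it; ask again (for example over a TSIG channel).
            return "requery"
        return "accept"


def run_demo():
    """Constructed traffic: ten unmatched responses for xyz.com, then real answers."""
    d = SpoofDetector(resolver_ip="192.0.2.53")
    d.sent_query(0x1A2B, "xyz.com")
    d.sent_query(0x0C0D, "example.org")
    # Ten responses whose transaction IDs match nothing we sent
    verdicts = [d.on_response("192.0.2.53", guess, "xyz.com") for guess in range(10)]
    flagged = sorted(d.under_attack)
    real_xyz = d.on_response("192.0.2.53", 0x1A2B, "xyz.com")
    real_other = d.on_response("192.0.2.53", 0x0C0D, "example.org")
    wrong_source = d.on_response("198.51.100.7", 0x0C0D, "example.org")
    return verdicts, flagged, real_xyz, real_other, wrong_source


if __name__ == "__main__":
    print(run_demo())
```

Names that were never flooded keep resolving normally; only the flagged name is held back from the cache.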