[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: BALTS: Better At Least Than Singlehomed
First, thanks to all for replying so quickly.
On Mon, 11 Feb 2002, Daniel Hagerty wrote:
> > At the destination address, the packets are de-encapsulated and processed
> > like regularly received packets.
> Your proposal is missing a "security" analysis. If you spend a
> few moments on that, you're going to note some "issues" with this
If a system de-encapsulates tunnelled packets without prior tunnel
configuration, this could be used by attackers to bypass firewalls. This
can be remedied by either:
1. Disallow the encapsulation protocol, so tunnelled packets can't enter
(or leave) the system,
2. De-encapsulate incoming packets first, then apply filters / first apply
filters and then perform the multihoming processing for outgoing
3. Look inside the encapsulating packet and apply filter rules to the
Discovery of the backup address through the DNS wouldn't be as secure as
it could be, but since single homed communication depends on the DNS in
the first place, I don't see this as a fatal flaw.
A good later addition would be a mechanism for hosts to determine the
reachability status and other information (such as backup addresses)
dynamically and in a secure way.
Did you have any other issues in mind?
Iljitsch van Beijnum