[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Rogue RA WGLC

To: bob.hinden@nokia.com
Subject: Re: Rogue RA WGLC
From: Thomas Narten <narten@us.ibm.com>
Date: Wed, 26 Nov 2008 15:04:01 -0500
Cc: IPv6 Operations <v6ops@ops.ietf.org>
In-reply-to: <D7270079-5F10-407A-A008-A277BF4B58E6@NOKIA.COM>
References: <CC481882-F6F4-4126-B697-73C81A481C20@cisco.com> <D7270079-5F10-407A-A008-A277BF4B58E6@NOKIA.COM>

I agree with Bob's comments.

Upleveling, the difficulty I have with this document is that it mostly
just expands on the obvious -- namely that RAs do bad things when they
come from intruders or misconfigured sources.

About SEND, it says:

   3.2.  Secure Neighbor Discovery

   The SeND [4] protocol provides a method for hosts and routers to
   perform secure Neighbor Discovery.  At present there are very few
   SeND implementations available, and SeND is perceived as a complex
   protocol to deploy.  It is also likely that not all scenarios will be
   able to use SeND, for various reasons.  In particular SeND may be
   best suited for fully managed enterprise networks, rather than those
   where administrative control is not present.

This really needs to be expanded upon. The document later suggests that
SEND is really the best/most promising fix.

Consequently, we really should have a better technical explanation
than "perceived as complex", which is a non-technical way of
dismissing something without having to actually justify the statement.

If SEND has real issues with getting implemented/deployed, we should
explain what they are so we can figure out what to do about
them. Otherwise, this document should more strongly encourage people
to implement SEND, as the best way to fix the problems outlined in the
document.

I also agree that the vulnerabilities that are highlighted here are
pretty much the same in DHCP. I think one document that covers both
would be better, so as not to give the false impression (if that is
indeed the conclusion) that DHCP has advantages from a security
perspective.

Bob Hinden <BOB.HINDEN@nokia.com> writes:

> Hi,

> Some comments on <draft-chown-v6ops-rogue-ra-02.txt>.

> Bob

> ----------

> A class of solution that is missing from the draft is NAC (Network  
> Access Control) devices that look for bogus traffic (RAs in this case)  
> and have the ability to disable or quarantine the device by  
> controlling the appropriate switch port.  This is a hybrid of some of  
> the methods suggested in the draft.

> I think the discussion in the document of using DHCPv6 as a solution  
> to rogue RA problem overstates the utility of this as a possible  
> solution as it only moves the problem.  DHC has the same class of  
> problems rogue DHC servers, misconfigured DHC servers, etc., etc.  We  
> haven't seen this as much in DHCPv6, but it's only a matter of time as  
> it's very common in IPv4.  Just ask a university ISP what happens when  
> the students appear in the fall and plug in their own WLAN AP in the  
> their dorm room.  A zillion rogue DHC servers.

> It would be nice to make this clearer in the draft.

> I think it would make sense to expand the draft to cover both Rogue  
> RAs and Rouge DHCPv6 servers as I think we will need solutions for  
> both protocols and the problems are very similar.

> Bob

References:
- Rogue RA WGLC
  - From: Fred Baker <fred@cisco.com>
- Re: Rogue RA WGLC
  - From: Bob Hinden <BOB.HINDEN@nokia.com>

Prev by Date: Re: [BEHAVE] The renumbering problem [Re: Comments on the NAT66 draft]
Next by Date: WGLC for draft-ietf-v6ops-ra-guard-01.txt (was: Re: Rogue RA WGLC)
Previous by thread: Re: Rogue RA WGLC
Next by thread: WGLC for draft-ietf-v6ops-ra-guard-01.txt (was: Re: Rogue RA WGLC)
Index(es):
- Date
- Thread