Should routers send redirects by default?
jared at puck.nether.net
Fri Aug 20 23:21:14 UTC 2010
On Aug 20, 2010, at 6:34 PM, Owen DeLong <owen at delong.com> wrote:
> On Aug 20, 2010, at 2:54 PM, Valdis.Kletnieks at vt.edu wrote:
>> On Fri, 20 Aug 2010 16:08:19 CDT, Butch Evans said:
>>> Maybe I'm missing something. Can you point me to something that will
>>> help my understand WHY an ICMP redirect is such a huge security concern?
>>> For most of the networks that I manage (or help to manage), I can see no
>>> reason why this would be an issue.
>> In general, it's not a big deal, except that unlike a proper routing protocol
>> where you can redirect a /16 or a /default at a time and withdraw it when
>> needed, ICMP redirects tend to form host routes that have to individually be
>> redirected back if the routing flips back to its original status.
>> Until a PC or something on the network gets pwned, and issues selective forged
>> ICMP redirects to declare itself a router and the appropriate destination for
>> some traffic, which it can then MITM to its heart's content. *Then* you truly
>> have a manure-on-fan situation.
> This is worse than said PC issuing rogue RAs exactly how?
> Perhaps we should pressure switch vendors to add ICMP Redirect
> protection to the RA Guard feature they haven't implemented yet?
One of my points is that redirects are routing updates of a dynamic nature. If the hosts are intended to participate in the routing process perhaps they should speak a protocol that can be secured further vs something that can't.
Please join the discussion on ipv6 at ietf. It's part of a router and host requirements document.
More information about the NANOG