Fragmentation considered harmful
SIGCOMM '87 Proceedings of the ACM workshop on Frontiers in computer communications technology
Key Exchange in IPSec: Analysis of IKE
IEEE Internet Computing
Analysis of the IPSec Key Exchange Standard
WETICE '01 Proceedings of the 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Towards Network Denial of Service Resistant Protocols
Proceedings of the IFIP TC11 Fifteenth Annual Working Conference on Information Security for Global Information Infrastructures
Building an application-aware IPsec policy system
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Building an application-aware IPsec policy system
IEEE/ACM Transactions on Networking (TON)
Secure VPNs for Trusted Computing Environments
Trust '09 Proceedings of the 2nd International Conference on Trusted Computing
Fragmentation considered vulnerable: blindly intercepting and discarding fragments
WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
Improving the performance of security of real-time video over IP
AIC'10/BEBI'10 Proceedings of the 10th WSEAS international conference on applied informatics and communications, and 3rd WSEAS international conference on Biomedical electronics and biomedical informatics
LOT: A Defense Against IP Spoofing and Flooding Attacks
ACM Transactions on Information and System Security (TISSEC)
Fragmentation Considered Vulnerable
ACM Transactions on Information and System Security (TISSEC)
Since IP packet reassembly requires resources, a denial of service attack can be mounted by swamping a receiver with IP fragments. In this paper we argue that this attack need not affect protocols that do not rely on IP fragmentation, and argue that most protocols, e.g., those that run on top of TCP, can avoid the need for fragmentation. However, protocols such as IPsec's IKE protocol, which both runs on top of UDP and requires sending large packets, depend on IP packet reassembly. Photuris, an early proposal for IKE, introduced the concept of a stateless cookie, intended for DoS protection. However, the stateless cookie mechanism cannot protect against a DoS attack unless the receiver can successfully receive the cookie, which it will not be able to do if reassembly resources are exhausted. Thus, without additional design and/or implementation defenses, an attacker can successfully, through a fragmentation attack, prevent legitimate IKE handshakes from completing. Defense against this attack requires both protocol design and implementation defenses. The IKEv2 protocol was designed to make it easy to design a defensive implementation. This paper explains the defense strategy designed into the IKEv2 protocol, along with the additional needed implementation mechanisms. It also describes and contrasts several other potential strategies that could work for similar UDP-based protocols.
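The following Python model is an added illustration of the argument in the abstract; it is not code from the paper, from Photuris, or from any IKE implementation. It simulates a bounded IP reassembly table that an attacker fills with never-completed fragments, then runs a cookie-protected UDP handshake two ways: in the naive design the initiator returns the stateless cookie inside its large, fragmented handshake message, so the cookie can never be reassembled and verified; in the defended design the cookie exchange fits in single unfragmented datagrams (which bypass reassembly entirely) and the receiver keeps a few reassembly slots in reserve for peers that have already returned a valid cookie. The cookie construction (HMAC over peer address and nonce), the table sizes, the slot-reservation policy, the addresses and the message sizes are all assumptions of the model, chosen to show the combined protocol-plus-implementation defense the abstract describes rather than to reproduce the paper's exact scheme.

```python
"""Toy model of an IP-fragment reassembly DoS against a UDP handshake with a
stateless cookie, and of a combined protocol/implementation defence.
Added illustration; all sizes, addresses and policies are assumptions."""
import hashlib
import hmac
import os
from collections import OrderedDict

MTU = 1500
COOKIE_SECRET = os.urandom(16)   # assumed: responder's (periodically rotated) secret


def make_cookie(src_ip: str, nonce: bytes) -> bytes:
    """Photuris-style stateless cookie: bound to the peer's address and nonce,
    verifiable later without storing any per-peer state at the responder."""
    return hmac.new(COOKIE_SECRET, src_ip.encode() + nonce, hashlib.sha256).digest()[:16]


def check_cookie(src_ip: str, nonce: bytes, cookie: bytes) -> bool:
    return hmac.compare_digest(make_cookie(src_ip, nonce), cookie)


def fragment(src_ip: str, datagram: bytes, ident: int) -> list:
    """Split a datagram into MTU-sized IP fragments (simplified fragment headers)."""
    n = (len(datagram) + MTU - 1) // MTU
    return [{"src": src_ip, "id": ident, "off": i, "last": i == n - 1,
             "data": datagram[i * MTU:(i + 1) * MTU]} for i in range(n)]


class Reassembler:
    """Bounded reassembly table: at most `slots` in-progress datagrams.
    With `reserve_for` set (the implementation defence), `reserved` slots are
    only usable by fragments from peers that the callable marks as verified."""

    def __init__(self, slots: int, reserve_for=None, reserved: int = 0):
        self.slots, self.reserved, self.reserve_for = slots, reserved, reserve_for
        self.table = OrderedDict()
        self.delivered = []          # (src, datagram) pairs handed up to UDP

    def receive(self, frag: dict) -> bool:
        if frag["off"] == 0 and frag["last"]:      # unfragmented: bypasses the table
            self.delivered.append((frag["src"], frag["data"]))
            return True
        key = (frag["src"], frag["id"])
        if key not in self.table:
            trusted = self.reserve_for is not None and self.reserve_for(frag["src"])
            limit = self.slots if trusted else self.slots - self.reserved
            if len(self.table) >= limit:
                return False                       # dropped: reassembly resources exhausted
            self.table[key] = {}
        entry = self.table[key]
        entry[frag["off"]] = frag
        if any(f["last"] for f in entry.values()):
            last_off = max(entry)
            if all(o in entry for o in range(last_off + 1)):
                del self.table[key]
                self.delivered.append((frag["src"], b"".join(entry[o]["data"] for o in range(last_off + 1))))
        return True


def run_handshake(defended: bool) -> dict:
    """Attacker sends one fragment each of 100 datagrams from spoofed sources
    (never completed), then legitimate 'alice' runs the cookie handshake.
    Returns which steps succeeded. Constructed scenario, not captured traffic."""
    verified = set()
    resp = Reassembler(slots=64,
                       reserve_for=(lambda src: src in verified) if defended else None,
                       reserved=8 if defended else 0)
    for i in range(100):
        resp.receive(fragment(f"198.51.100.{i % 250}", b"A" * (2 * MTU), ident=i)[0])

    alice, nonce = "203.0.113.7", b"\x01" * 8
    cookie = make_cookie(alice, nonce)        # responder's stateless reply to alice's request
    big_payload = b"K" * (3 * MTU)            # e.g. key-exchange value plus certificates
    result = {"cookie_verified": False, "handshake_complete": False}

    def deliver(datagram: bytes, ident: int) -> bool:
        for f in fragment(alice, datagram, ident):
            resp.receive(f)
        return (alice, datagram) in resp.delivered

    if not defended:
        msg = nonce + cookie + big_payload    # cookie travels inside a fragmented message
        if deliver(msg, 1000):
            result["cookie_verified"] = check_cookie(alice, nonce, msg[8:24])
            result["handshake_complete"] = result["cookie_verified"]
    else:
        msg2 = nonce + cookie                 # small enough to need no reassembly
        if deliver(msg2, 1000) and check_cookie(alice, nonce, msg2[8:24]):
            result["cookie_verified"] = True
            verified.add(alice)               # responder now holds state for alice
            result["handshake_complete"] = deliver(big_payload, 1001)
    return result


if __name__ == "__main__":
    print("naive:   ", run_handshake(False))
    print("defended:", run_handshake(True))
```

In the naive run the table is already full when alice's fragments arrive, so the cookie is never seen and the handshake stalls even though the cookie itself is perfectly valid; in the defended run the unfragmented cookie round trip succeeds regardless of table pressure, and the reserved slots let the later large message through. Removing either half of the defence (sending the cookie in a fragmented message, or reserving no slots) makes the defended run fail as well, which is the abstract's point that both a protocol-design and an implementation measure are needed.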