[ntp:questions] Re: server's address in ntp payload?

Danny Mayer mayer at ntp.isc.org
Mon Nov 28 04:16:23 UTC 2005


David Schwartz wrote:
> "Danny Mayer" <mayer at ntp.isc.org> wrote in message 
> news:4389126F.9030603 at ntp.isc.org...
> 
> 
>>David Schwartz wrote:
> 
> 
>>>    Anyone who thinks you can use IP addresses to protect against MIM
>>>attacks doesn't understand what a MIM attack is. The MIM can certainly 
>>>spoof
>>>each end's IP address to the other machine.
> 
> 
>>You need to understand it's usage within the autokey protocol to
>>understand that there's a lot more that goes into it than just the IP
>>addresses.
> 
> 
>     I do.
> 
I think you don't. In order to be a MIM you need to interfere in one of
three ways: 1) as a source point, 2) in the middle of the key dance, or
3) after the authentication is complete.

1) For the first case, you need the key, otherwise the client won't get
a match. If you have the key, your certificates won't since they are
also signed and the certification will fail.
2) If MIM attacks in the middle, then the authentication will fail since
the algorithm has passed beyond the starting point and you are unlikely
to get right the code in use at that point.
3) If you attack after authentication has been established then you will
fail because you need the right code to return to the sender and it
changes with each exchange.

> 
>>IP addresses are easy to spoof, but the usage within autokey
>>is not.
> 
> 
>     That is a meaningless statement. If you mean that the autokey protocol 
> has security that has nothing to do with IP addresses that prevent MIM 
> attacks, you would be correct. However, the use of an IP address as a key 
> for lookups has nothing to do with autokey's MIM protection.
> 
There's nothing to look up. It's just part of the ingredients.

> 
>>You are confusing the addresses for their usage within the protocol.
> 
> 
>     No, I'm not. I'm simply saying that the IP address is of no use to 
> protect against a MIM. The algorithm would work exactly the same and just as 
> well without the IP address. A randomly chosen 32-bit number included in 
> every packet would protect against MIM-attacks equally well.
> 

Possibly, but by including it, you are requiring that the source
addresss in the packet be agreed upon prior to the exchange requiring
that the MIM spoof the address as well. When MIM fails to send the
correct authentication code, the packet is dropped as it fails
authentication. If it sends it from a different address, it's considered
a new server and has to be authenticated and since it's a different
address it will be ignored as it was not listed as a server address.

>     Part of the point of a MIM attack is to presume that attacker has full 
> control over the IP addresses. A randomly-chosen 32-bit integer would do the 
> same thing and equally well be under control of the MIM.
> 
Which is why it's only used as an indicator and not an identifier of the
source.

Danny




More information about the questions mailing list