<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: Suggestions for changes/improvements for the CIPE protocol
From: Alan Stern <stern,AT,rowland,DOT,harvard,DOT,edu>
Date: Mon, 28 Oct 2002 20:01:05 +0100
In-reply-to: <9uuqru4l3rvs9gq8u4ina6qm4ch7hlp9rc@4ax.com>

On Mon, 28 Oct 2002, Ganesh Sittampalam wrote:

> On Mon, 21 Oct 2002 09:44:18 -0400 (EDT), Alan Stern
> <stern,AT,rowland,DOT,harvard,DOT,edu> wrote:
> >could not encrypt the forged address.  An objection is that often a
> >host does not know its own UDP address (if it is behind a firewall
> >that uses NAT, for example).  That presents no difficulty; we can add
> >a field to the echo-reply packet which should contain the sending UDP
> >address of the corresponding echo-request.  Thus a host can learn its
> >UDP address simply by asking its peer.  However, I believe this whole
> This is just as vulnerable to the man-in-the-middle attack where the
> attacker can substitute packets, however. The machine that didn't know its
> own UDP address would have to at least have some idea of what could be a
> correct UDP address and what couldn't.
> Ganesh

True.  If there is a man-in-the-middle who can intercept and substitute
packets, then there is no hope of setting up any kind of communication
whatsoever, encrypted or not.  That applies to any network protocol, not
just to CIPE.

In this particular case, the effects could be mitigated slightly by
encrypting the echo-request and echo-reply.  However, this does not
address the general problem that CIPE packets don't contain strong
authentication.  My feeling was that the solution I proposed was better
than the current protocol and was as strong as reasonable given that I did
not want to change the protocol very much or make it a lot more

Alan Stern

<< | Thread Index | >> ]    [ << | Date Index | >> ]