UDLR WG 52nd IETF - PowerPoint PPT Presentation

1
UDLR WG 52nd IETF
<draft-ietf-udlr-security-00.txt>
December 11th, 2001, Salt Lake City, US
Emmanuel Duros, UDcast
2
Identifying Security Implications
  • Abstract
  • The purpose of this document is to attempt to
    identify any potential security implications
    related to this mechanism in order to help
    operators set up adequate securing mechanisms.
  • 1 Introduction
  • Presentation of the document
  • 2 Terminology
  • Mostly taken from RFC 3077

3
Generic Topology using LLTM
  • 3 General overview
  • [Figure 1: Typical topology using LLTM. A
    unidirectional link connects the feed (fuip) to
    Recv 1 (r1u) and Recv 2 (r2u); Recv 2 is also
    attached to subnet A. The feed (fbip) and the
    receivers (r1b, r2b) also connect to the Internet.]
  • Description on how packets flow

4
DTCP protocol
  • 4 DTCP protocol
  • Feeds periodically announce their tunnel
    end-point addresses over the unidirectional link.
  • It may be fairly easy for unauthorised receivers
    to listen to HELLO packets and discover the feed
    tunnel end-point(s).
  • Link-layer security mechanisms may be used to
    prevent unauthorised receivers from obtaining
    this information.

5
Tunnelling Mechanism
  • 5 Tunneling Mechanism
  • Encapsulated packet layout:
  • IP delivery header: destination addr fbip,
    source addr r1b or r2b, IP proto GRE (47)
  • GRE header: type MAC type of the UDL
  • GRE payload: MAC packet
  • Stateless IP tunnels are not secure
  • An unauthorized receiver may tunnel packets to the
    feed and gain access to the service
  • Set up a firewall near the feed with IP-src-addr
    based filtering
  • Not effective against IP spoofing
  • Use authentication in the delivery protocol
    (RFC 2402) or within the tunneling mechanism
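
The feed-side checks from this slide, as an added example that is not part of the presentation or the draft: an IP-src-addr filter next to a filter that also verifies a keyed tag. The addresses standing in for fbip, r1b and r2b, the key, the GRE type 0x6558 and all function names are assumptions; the HMAC is a stand-in for an AH-style integrity check, not an RFC 2402 implementation, and does not model replay protection.

```python
import hashlib, hmac, ipaddress, struct

GRE_PROTO = 47                                   # IP proto for GRE, as on the slide
FBIP = "192.0.2.1"                               # assumed feed tunnel end-point (fbip)
RECEIVERS = {"198.51.100.11", "198.51.100.12"}   # assumed r1b, r2b
KEY = b"constructed-demo-key"                    # hypothetical feed/receiver shared secret

def build_packet(src, dst, gre_type, mac_frame):
    """Build a constructed IPv4 + GRE sample packet (header checksum left at 0)."""
    gre = struct.pack("!HH", 0, gre_type) + mac_frame
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre), 0, 0, 64,
                     GRE_PROTO, 0, ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + gre

def parse_packet(pkt):
    """Extract the fields the feed-side filter looks at."""
    if len(pkt) < 20:
        raise ValueError("truncated IP header")
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 4:
        raise ValueError("truncated GRE header")
    _flags, gre_type = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return {"proto": pkt[9],
            "src": str(ipaddress.IPv4Address(pkt[12:16])),
            "dst": str(ipaddress.IPv4Address(pkt[16:20])),
            "gre_type": gre_type,
            "mac_frame": pkt[ihl + 4:]}

def src_addr_filter(pkt):
    """Firewall rule from the slide: GRE to fbip from a known receiver address."""
    f = parse_packet(pkt)
    return f["proto"] == GRE_PROTO and f["dst"] == FBIP and f["src"] in RECEIVERS

def auth_tag(pkt, key=KEY):
    """HMAC-SHA256 over the packet; a stand-in for an AH-style integrity check."""
    return hmac.new(key, pkt, hashlib.sha256).digest()

def authenticated_filter(pkt, tag):
    """Accept only if the address rule passes AND the tag verifies."""
    return src_addr_filter(pkt) and hmac.compare_digest(auth_tag(pkt), tag)

if __name__ == "__main__":
    frame = b"\x00" * 14                         # constructed placeholder MAC frame
    genuine = build_packet("198.51.100.11", FBIP, 0x6558, frame)
    claimed = build_packet("198.51.100.12", FBIP, 0x6558, frame)  # sender lacks KEY
    print(src_addr_filter(genuine), authenticated_filter(genuine, auth_tag(genuine)))
    print(src_addr_filter(claimed), authenticated_filter(claimed, bytes(32)))
```

The second sample passes the address rule because the filter only sees the source field the sender wrote, which is why the slide calls address filtering insufficient against spoofing; only the tag check rejects it.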

6
Routing Protocols
  • 6 Routing Protocol
  • We consider receivers which are routers
  • Routers may implement various routing protocols
    (e.g. BGP, OSPF, PIM, etc.)
  • Some of them may not be authorized to announce
    routing information
  • Routing protocols should use authentication
    mechanisms when available