New Results for the PTB-PTS Attack on Tunneling Gateways

Vincent Roca 1 Ludovic Jacquin 2 Saikou Fall 1 Jean-Louis Roch 3
1 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services
3 MOAIS - PrograMming and scheduling design fOr Applications in Interactive Simulation
Inria Grenoble - Rhône-Alpes, LIG - Laboratoire d'Informatique de Grenoble
Abstract : This work analyzes the impacts of the "Packet Too Big"-"Packet Too Small" (PTB-PTS) Internet Control Message Protocol (ICMP) based attack against tunneling gateways. It is a follow-up of a prior work [2] that detailed how to launch the PTB-PTS attack against IPsec gateways (for secure tunnels) and their consequences, ranging from major performance impacts (additional delays at session establishment and/or packet fragmentation) to Denial of Service (DoS). In the present work we examine a much wider range of configurations: we now consider the two IP protocol versions (previous work was limited to IPv4, we add IPv6), two operating systems (previous work was limited to Linux Debian, we add a recent Ubuntu distribution as well as Windows 7), and two tunneling protocols (previous work was limited to IPsec, we add IPIP). This work highlights the complexity of the situation, as different behaviors will be observed depending on the exact configuration. It also highlights Microsoft's strategy when approaching the "minimum maximum packet size" (i.e., minimum MTU) any link technology should support: although Windows 7 mitigates the attack in IPv4 (there is no DoS), the performance impact remains, and since the technique is inapplicable to IPv6, the attack succeeds in that case. Finally, this work highlights a fundamental problem: the impossibility of reliably identifying illegitimate ICMP error packets coming from the untrusted network.
Document type :
Conference papers
Cited literature [4 references]

https://hal.inria.fr/hal-01245629
Contributor : Vincent Roca
Submitted on : Friday, May 20, 2016 - 2:22:33 PM
Last modification on : Saturday, October 27, 2018 - 1:20:16 AM

File

Grehack15_PTB-PTS_attack.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution - NonCommercial - ShareAlike 4.0 International License

Identifiers

  • HAL Id : hal-01245629, version 2

Citation

Vincent Roca, Ludovic Jacquin, Saikou Fall, Jean-Louis Roch. New Results for the PTB-PTS Attack on Tunneling Gateways. GreHack 2015, Cédric Lauradoux, Florent Autréau, Nov 2015, Grenoble, France. ⟨hal-01245629v2⟩

Metrics

Record views : 1011

Files downloads : 97