New Results for the PTB-PTS Attack on Tunneling Gateways

Vincent Roca 1 Ludovic Jacquin 2 Saikou Fall 1 Jean-Louis Roch 3
1 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services
3 MOAIS - PrograMming and scheduling design fOr Applications in Interactive Simulation
Inria Grenoble - Rhône-Alpes, LIG - Laboratoire d'Informatique de Grenoble
Abstract: This work analyzes the impacts of the "Packet Too Big"-"Packet Too Small" (PTB-PTS) Internet Control Message Protocol (ICMP) based attack against tunneling gateways. It is a follow-up to a prior work [2] that detailed how to launch the PTB-PTS attack against IPsec gateways (for secure tunnels) and its consequences, ranging from major performance impacts (additional delays at session establishment and/or packet fragmentation) to Denial of Service (DoS). In the present work we examine a much wider range of configurations: we now consider the two IP protocol versions (previous work was limited to IPv4, we add IPv6), two operating systems (previous work was limited to Linux Debian, we add a recent Ubuntu distribution as well as Windows 7), and two tunneling protocols (previous work was limited to IPsec, we add IPIP). This work highlights the complexity of the situation, as different behaviors are observed depending on the exact configuration. It also highlights Microsoft's strategy when approaching the "minimum maximum packet size" (i.e., minimum MTU) any link technology should support: although Windows 7 mitigates the attack in IPv4 (there is no DoS), the performance impact remains, and since the technique is inapplicable to IPv6, the attack succeeds in that case. Finally, this work highlights a fundamental problem: the impossibility of reliably identifying illegitimate ICMP error packets coming from the untrusted network.
Document type:
Conference paper
GreHack 2015, Nov 2015, Grenoble, France. 2015, 〈http://www.grehack.fr/〉

https://hal.inria.fr/hal-01245629
Contributor: Vincent Roca
Submitted on: Friday, 20 May 2016 - 14:22:33
Last modified on: Sunday, 22 May 2016 - 01:02:18

File

Grehack15_PTB-PTS_attack.pdf
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution - NonCommercial - ShareAlike 4.0 International License

Identifiers

  • HAL Id: hal-01245629, version 2

Citation

Vincent Roca, Ludovic Jacquin, Saikou Fall, Jean-Louis Roch. New Results for the PTB-PTS Attack on Tunneling Gateways. GreHack 2015, Nov 2015, Grenoble, France. 2015, 〈http://www.grehack.fr/〉. 〈hal-01245629v2〉
