Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

RE: [LinkSec] http://www.ieee802.org/linksec/Meetings/Jan03/Seaman_1_0103.pdf


Mick,

Yes, it is a DoS. I just wanted to distinguish it from some brute-force
QoS attacks. Depending on the mechanism we use to support roaming, such
replays can potentially cause serious damage without sending a huge
amount of traffic.

Xinhua "Joshua" Zhao
Scientist
Cranite Systems, Inc.
6620 Via Del Oro
Second Floor
San Jose, CA 95119

-----Original Message-----
From: owner-stds-802-linksec@majordomo.ieee.org
[mailto:owner-stds-802-linksec@majordomo.ieee.org] On Behalf Of Mick
Seaman
Sent: Friday, January 03, 2003 8:33 AM
To: stds-802-linksec@ieee.org
Subject: RE: [LinkSec]
http://www.ieee802.org/linksec/Meetings/Jan03/Seaman_1_0103.pdf

I think that the threat that Joshua mentions is another DoS threat, no
more.

Mick

> -----Original Message-----
> From: owner-stds-802-linksec@majordomo.ieee.org
> [mailto:owner-stds-802-linksec@majordomo.ieee.org]On Behalf Of Mani,
> Mahalingam (Mahalingam)
> Sent: Thursday, January 02, 2003 7:05 PM
> To: Joshua Zhao; mick_seaman@ieee.org; stds-802-linksec@ieee.org
> Subject: RE: [LinkSec]
> http://www.ieee802.org/linksec/Meetings/Jan03/Seaman_1_0103.pdf
> 
> 
> 
> That's a valid threat.
> 
> Is such a threat a concern for just the window of time that 'older'
> bridge takes to age its controlled port closed in the absence of a
> dissociate?
> 
> -mani
> > -----Original Message-----
> > From: Joshua Zhao [mailto:jzhao@cranite.com]
> > Sent: Thursday, January 02, 2003 6:34 PM
> > To: mick_seaman@ieee.org; stds-802-linksec@ieee.org
> > Subject: RE: [LinkSec]
> > http://www.ieee802.org/linksec/Meetings/Jan03/Seaman_1_0103.pdf
> > 
> > 
> > I just want to comment on the potential threat that replays 
> can pose.
> > 
> > Lack of replay attack can potentially be detriment to support for
> > roaming. In case that the bridges use the arriving of legitimate
> frames
> > from a certain station on a given port to infer the current 
> attachment
> > point of the station, replays at an access point other than the
> > station's current point of attachment can potentially mislead the
> system
> > as to the whereabouts of the station. This could be a 
> serious threat.
> > 
> > Regards,
> > 
> > Joshua
> > Scientist
> > Cranite Systems, Inc.
> > 6620 Via Del Oro
> > San Jose, California 95119
> > 
> > > -----Original Message-----
> > > From: Mick Seaman [mailto:mick_seaman@ieee.org]
> > > Sent: Thursday, January 02, 2003 1:23 PM
> > > To: stds-802-linksec@ieee.org
> > > Subject: RE: [LinkSec]
> > > http://www.ieee802.org/linksec/Meetings/Jan03/Seaman_1_0103.pdf
> > >
> > >
> > > Russ,
> > >
> > > Thanks for the comments.
> > >
> > > On the subject of replay you are right, generally I am 
> not concerned
> > about
> > > replay being used to subvert a service for which most critical
> > > communication
> > > is using an ordering/sequencing/duplicate suppression protocol on
> top.
> > > However I would like to understand more about the threat 
> that replay
> > could
> > > pose at this layer, my imagination is not doing a great 
> job on this
> > > subject
> > > so any examples (other than ones that simply result in denial of
> > service)
> > > would help.
> > >
> [...]
> 
>