
Re: [lisp-interest] LISP-ALT and security



Scott Brim wrote:

Here's my take. There are two issues. One is misconfiguration and the other is security.

Re misconfiguration: In order to receive a Map-Request at all on the ALT, the ETR (or its agent) needs to have an authenticated TCP connection with an ALT router responsible for aggregating its prefix, and also needs to have advertised its prefix to the ALT router and had that advertisement authenticated (that it is advertising no more than it is known to be responsible for). So the _receipt_ of the Map-Request is pretty well covered, and if it receives it the ETR is correctly configured for the prefix it is supposed to advertise to the ALT. The ETR could possibly be misconfigured so that it sends the wrong prefix in a Map-Reply, if that configuration is independent.

Re security: If the edge router is compromised you are completely hosed all around anyway, so LISP+ALT adds no new security issues.

If the ETR for 240.1.2.0/24 is compromised I can see that it is ok if that has an effect on packets destined to 240.1.2.0/24.

But having it affect packets destined to a shorter prefix like 240.1.0.0/16 seems like a new security problem.

   Erik
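The check that would catch Erik's case, as an added illustration rather than code from this thread or from any LISP implementation: an ITR or ALT element compares the EID-prefix in a Map-Reply against the prefixes the replying ETR was authenticated to advertise into the ALT, so an ETR registered for 240.1.2.0/24 cannot have a reply for 240.1.0.0/16 accepted. The registry contents and RLOC addresses are constructed for the example.

```python
"""Reject Map-Replies whose EID-prefix is shorter than (or outside)
what the replying ETR was authenticated to advertise into the ALT.

Constructed example; the registry below stands in for whatever the
ALT router recorded when it authenticated each ETR's advertisement."""
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample registry: RLOC of the ETR -> authenticated EID-prefixes.
AUTHENTICATED_PREFIXES: Dict[str, List[str]] = {
    "10.0.0.1": ["240.1.2.0/24"],
    "10.0.0.2": ["240.1.3.0/24", "240.1.4.0/23"],
}


def validate_map_reply(rloc: str, reply_prefix: str,
                       registry: Dict[str, List[str]] = AUTHENTICATED_PREFIXES
                       ) -> Tuple[bool, str]:
    """Return (accepted, reason).

    Accept only when the EID-prefix carried in the Map-Reply is equal to, or
    more specific than, a prefix the ETR was authenticated for.  A shorter
    prefix (a /16 from a /24 ETR) or a prefix outside the ETR's space is
    rejected, whether it comes from compromise or from misconfiguration."""
    if rloc not in registry:
        return False, f"no authenticated advertisement from ETR {rloc}"
    try:
        # strict=True rejects prefixes with host bits set, e.g. 240.1.2.1/24.
        reply = ipaddress.ip_network(reply_prefix, strict=True)
    except ValueError as exc:
        return False, f"malformed EID-prefix {reply_prefix!r}: {exc}"
    for authenticated in registry[rloc]:
        auth = ipaddress.ip_network(authenticated)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first;
        # it returns True for an equal prefix as well as a more specific one.
        if reply.version == auth.version and reply.subnet_of(auth):
            return True, f"{reply} is within authenticated {auth}"
    return False, f"{reply} is not covered by any authenticated prefix of {rloc}"


if __name__ == "__main__":
    for rloc, prefix in [("10.0.0.1", "240.1.2.0/24"),
                         ("10.0.0.1", "240.1.0.0/16"),
                         ("10.0.0.2", "240.1.5.0/24")]:
        print(rloc, prefix, validate_map_reply(rloc, prefix))
```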