See below Jared Mauch On Aug 20, 2010, at 6:34 PM, Owen DeLong <owen@delong.com> wrote:
On Aug 20, 2010, at 2:54 PM, Valdis.Kletnieks@vt.edu wrote:
On Fri, 20 Aug 2010 16:08:19 CDT, Butch Evans said:
Maybe I'm missing something. Can you point me to something that will help my understand WHY an ICMP redirect is such a huge security concern? For most of the networks that I manage (or help to manage), I can see no reason why this would be an issue.
In general, it's not a big deal, except that unlike a proper routing protocol where you can redirect a /16 or a /default at a time and withdraw it when needed, ICMP redirects tend to form host routes that have to individually be redirected back if the routing flips back to its original status.
Until a PC or something on the network gets pwned, and issues selective forged ICMP redirects to declare itself a router and the appropriate destination for some traffic, which it can then MITM to its heart's content. *Then* you truly have a manure-on-fan situation.
This is worse than said PC issuing rogue RAs exactly how?
Perhaps we should pressure switch vendors to add ICMP Redirect protection to the RA Guard feature they haven't implemented yet?
One of my points is that redirects are routing updates of a dynamic nature. If the hosts are intended to participate in the routing process perhaps they should speak a protocol that can be secured further vs something that can't. Please join the discussion on ipv6 at ietf. It's part of a router and host requirements document.
Owen