Re: Should routers send redirects by default?

[Jared Mauch <jared () puck nether net>]

See below

Jared Mauch

On Aug 20, 2010, at 6:34 PM, Owen DeLong <owen () delong com> wrote:

> On Aug 20, 2010, at 2:54 PM, Valdis.Kletnieks () vt edu wrote:
>
> > On Fri, 20 Aug 2010 16:08:19 CDT, Butch Evans said:
> >
> > > Maybe I'm missing something.  Can you point me to something that will
> > > help my understand WHY an ICMP redirect is such a huge security concern?
> > > For most of the networks that I manage (or help to manage), I can see no
> > > reason why this would be an issue.
> >
> > In general, it's not a big deal, except that unlike a proper routing protocol
> > where you can redirect a /16 or a /default at a time and withdraw it when
> > needed, ICMP redirects tend to form host routes that have to individually be
> > redirected back if the routing flips back to its original status.
> >
> > Until a PC or something on the network gets pwned, and issues selective forged
> > ICMP redirects to declare itself a router and the appropriate destination for
> > some traffic, which it can then MITM to its heart's content. *Then* you truly
> > have a manure-on-fan situation.
>
> This is worse than said PC issuing rogue RAs exactly how?
>
> Perhaps we should pressure switch vendors to add ICMP Redirect
> protection to the RA Guard feature they haven't implemented yet?


One of my points is that redirects are routing updates of a dynamic nature. If the hosts are intended to participate in 
the routing process perhaps they should speak a protocol that can be secured further vs something that can't. 

Please join the discussion on ipv6 at ietf. It's part of a router and host requirements document. 


> Owen