[ietf78-tech] IETF Security Issues

Liu wu (Tsinghua CERNET) liuwu at cernet.edu.cn
Wed Jul 28 15:21:38 PDT 2010 

Some of Network Security Issues during the 78th IETF Meeting
During the network deployment and the operation for the 78th IETF Meeting, I found some of the network security problems which are very serious.

1.      Dos Attack
To produce a Dos Attack in a sub-network (wired or wireless), it just needs to execute the following command:

arpspoof -i wlan0 130.129.112.1



Figure 1 Dos Attack in a Sub-network

This will crash the entire sub-network, and this attack command can be executed by any host in the same sub-network without login as a legitimate user.

2.      Username and Password Eavesdropping during ietf-portal Authentication
Even if the ietf-portal authentication web page is transmitted via the Secure Socket Layer protocol SSL, the username and password of the login account can still be decrypted by attacker, which can be shown in Figure 2 and Figure 3.



Figure 2 Login Account Stolen ¨C a user is authenticating by username and password via SSL 



Figure 3 Login Account Stolen ¨C both the encrypted username and password had been Eavesdropped and decrypted by attacker

3.      Application Layer Attack
After the login account has been decrypted by the attacker, he/she can do many attacks as a legitimate user of the network, such as DHCP attack, DNS attack and Application Layer Protocol attack etc. 

In Figure 4, I just show you an example of email account information eavesdropping attack. 



Figure 4 Application Layer Attack ¨C both the encrypted username and password had been stolen and decrypted by attacker

4.      Decryption of Encrypted Protocol
Some attackers can even steal information even if it is transmitted via encrypted traffic. As an example, In Figure 5, 6 and 7, I show you the username and password decryption attack in SSH protocol.

To get the encrypted SSH username and password, the attacker just need to start a simple command shown in Figure 5. 



Figure 5 SSH Username and Password Decryption ¨C Start the SSH Man-In-The-Middle Attack

During the authentication of SSH username and password mode (as shown in Figure 6), the information about the username and password provided by the SSH client is captured and decrypted by the attacker as shown in Figure 7.



Figure 6 SSH Username and Password Decryption ¨C A SSH Client is authenticating with the SSH Sever



Figure 7 SSH Username and Password Decryption ¨C The encrypted username and password have been decrypted by attacker

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.daedelus.com/pipermail/ietf78-tech/attachments/20100729/87a0f8e8/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 37467 bytes
Desc: not available
Url : http://www.daedelus.com/pipermail/ietf78-tech/attachments/20100729/87a0f8e8/attachment-0007.jpe 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 35059 bytes
Desc: not available
Url : http://www.daedelus.com/pipermail/ietf78-tech/attachments/20100729/87a0f8e8/attachment-0008.jpe 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 36196 bytes
Desc: not available
Url : http://www.daedelus.com/pipermail/ietf78-tech/attachments/20100729/87a0f8e8/attachment-0009.jpe 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 35118 bytes
Desc: not available
Url : http://www.daedelus.com/pipermail/ietf78-tech/attachments/20100729/87a0f8e8/attachment-0010.jpe 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 30065 bytes
Desc: not available
Url : http://www.daedelus.com/pipermail/ietf78-tech/attachments/20100729/87a0f8e8/attachment-0011.jpe 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 27984 bytes
Desc: not available
Url : http://www.daedelus.com/pipermail/ietf78-tech/attachments/20100729/87a0f8e8/attachment-0012.jpe 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 54701 bytes
Desc: not available
Url : http://www.daedelus.com/pipermail/ietf78-tech/attachments/20100729/87a0f8e8/attachment-0013.jpe

More information about the ietf78-tech mailing list