icos-2----Page:5
1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16  17  18 

Threat Model Documents RFC 3756, “IPv6 Neighbor Discovery (ND) Trust Models and Threats”, May 2004 RFC 3118, “Authentication for DHCP Messages” draft-ietf-dhc-v4-threat-analysis-02.txt, “Dynamic Host Configuration Protocol for IPv4 (DHCPv4) Threat Analysis”, April 2004 draft-prigent-dhcpv6-threats-00.txt, “DHCPv6 Threats”, March 2001 Threats Rogue configuration servers (man-in-the-middle, DoS) Redirect attacks (e.g. rogue default gateway, DNS server) DoS attack via invalid configuration Accidentally configured configuration servers Rogue clients (DoS) Impersonation of another client Resource exhaustion attack on server (more likely on IPv4) CPU exhaustion (if heavyweight computation required) Non-threats Disclosure MAC, IP addresses are public information Most server addresses considered public information Not clear what, if any configuration data is sensitive

PPT Version