    Re: iSCSI: Text request/response spanning - security issue?



    Luben,
    
    > A rogue/badly implemented T/I can use this ``feature''
    > to completely drain the I/T resources and stall its
    > operation.
    
    I assume you are describing a DoS attack on an iSCSI peer.
    It isn't exactly limited only to this feature; there are several other
    ways: not sending a Login Request at all after the TCP connection
    establishment, not setting the F-bit/T-bit, etc. will all result in this
    problem.
    
    The expectation is that implementations will set the right timeouts
    to detect and get out of these conditions.  The state transitions 
    (chapter 5) allow these timeouts as legal events that could cause a 
    Login failure.  Also take a look at section 6.8, which deals with 
    timeouts in text negotiations.
    --
    Mallikarjun
    
    Mallikarjun Chadalapaka
    Networked Storage Architecture
    Network Storage Solutions Organization
    Hewlett-Packard MS 5668 
    Roseville CA 95747
    cbm@rose.hp.com
    
    ----- Original Message ----- 
    From: "Luben Tuikov" <luben@splentec.com>
    To: "iSCSI" <ips@ece.cmu.edu>; "Julian Satran" <Julian_Satran@il.ibm.com>; "Mallikarjun C." <cbm@rose.hp.com>
    Sent: Thursday, March 28, 2002 4:12 PM
    Subject: Text request/response spanning - security issue?
    
    
    > A key=value pair can span multiple Text Request/Response PDUs.
    > 
    > A rogue/badly implemented T/I can use this ``feature''
    > to completely drain the I/T resources and stall its
    > operation.
    > 
    > I.e. the node will keep the data and wait indefinitely until
    > 0x00 in order to process the request. If 0x00 is never
    > received, the node will eventually run out of memory.
    > 
    > If such an implementation is in kernel space,
    > then after such an attack, the only solution
    > is the big red button.
    > 
    > -- 
    > Luben
    > 
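
The two defenses discussed in this thread, a cap on buffered text and a timeout on an unfinished key=value pair, shown as an added example that is not part of either message or of any iSCSI implementation. The limits, type names and function names are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed limits for this sketch; neither value comes from the iSCSI draft. */
#define TEXT_MAX_BYTES   8192  /* most unterminated text held per connection */
#define TEXT_TIMEOUT_SEC 30    /* longest a partial key=value may stay pending */

enum text_status { TEXT_NEED_MORE, TEXT_COMPLETE, TEXT_TOO_LARGE, TEXT_TIMED_OUT };

struct text_reasm {
    char   buf[TEXT_MAX_BYTES]; /* fixed size: a peer cannot make it grow */
    size_t len;                 /* bytes buffered so far */
    long   started;             /* time the first fragment arrived (seconds) */
    int    active;              /* nonzero while a partial pair is pending */
};

void text_reset(struct text_reasm *r)
{
    r->len = 0;
    r->started = 0;
    r->active = 0;
}

/* For a periodic timer: true when the peer has left a pair unfinished too
 * long, including the case where it simply stops sending. */
int text_expired(const struct text_reasm *r, long now)
{
    return r->active && now - r->started > TEXT_TIMEOUT_SEC;
}

/* Feed the data segment of one Text Request/Response PDU. `now` is seconds
 * from a monotonic clock supplied by the caller. Any status other than
 * TEXT_NEED_MORE ends the exchange: on TEXT_COMPLETE the caller parses
 * r->buf and calls text_reset(); on the error codes the state is already
 * cleared and the caller should fail the negotiation. */
enum text_status text_feed(struct text_reasm *r, const void *data, size_t n, long now)
{
    if (!r->active) {
        r->active = 1;
        r->started = now;
    }
    if (text_expired(r, now)) { text_reset(r); return TEXT_TIMED_OUT; }
    if (n > TEXT_MAX_BYTES - r->len) { text_reset(r); return TEXT_TOO_LARGE; }
    memcpy(r->buf + r->len, data, n);
    r->len += n;
    /* Simplification: complete when the buffered data ends in 0x00. */
    return (r->len > 0 && r->buf[r->len - 1] == '\0') ? TEXT_COMPLETE : TEXT_NEED_MORE;
}
```

Because the buffer is a fixed array inside the per-connection state, a peer that never sends 0x00 costs at most `TEXT_MAX_BYTES` for at most `TEXT_TIMEOUT_SEC`, provided the timer path calls `text_expired()` and tears the negotiation down.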
    


Last updated: Thu Mar 28 21:18:18 2002