ARPsec: An ARP security extension

- What: ARP security extension
- Why: ARP results easily corruptible
- How: Authentication of the packet's source
- Status: in progress
- Who: Jerome Etienne jetienne at arobas.net

Table of Contents

- What is ARP (purpose, basics, weaknesses)
- ARPsec
  - Overview
  - Neighbour discovery
  - Key exchange
  - Peer unreachability detection
- Conclusion

ARP

- Age: 1982
- Spec: RFC826
- Aim: to resolve a hardware address from a protocol one
- Terms: plainARP = current ARP

ARP: basics

- The sender broadcasts a request
- The target replies with an answer
- The sender caches the results (speed/bandwidth)

[Diagram: Sender and Target on a LAN; Request, Reply]

ARP: holes

- Unauthenticated packets
- Update its cache with any received packet
- If receiver==target, create a cache entry if needed
- Attacks: modify/create an entry to reroute the traffic

[Diagram: Sender and Target on a LAN; Request, Reply]

ARP: exploits

- Vulnerability: any protocol relying on ARP (e.g. IP)
- Secured traffic (e.g. IPsec, SSL)
  - slow down
  - stop
- Insecure traffic (e.g. plain tcp)
  - rerouted toward an attacker
  - read, modify, insert and discard packets
  - any man-in-the-middle attack

ARPsec: design

- As close as possible to plainARP
  - generic (more than ip and ethernet)
  - same features
- Impossible to create/modify or replay ARPsec packets
- Gracefully interact with plainARP
- Unable to claim a fake IP

ARPsec: Modules

- ARPke: Key Exchange
  - negotiation of connection attributes
  - peer authentication
  - keys calculation
  - User space
- ARPres: address resolution
  - authenticated plainARP
  - Kernel space

ARPsec: overview

Connection stages:

1) Neighbors discovery: who supports ARPSec ?
2) Key exchange:
   - authenticated diffie-hellman
   - Shared secret key
3) Address resolution and cache update

Shared secret keys

- Aim: packet authentication
- How: Keyed hash (md5, sha1)
- Which: during connection establishment
  - group key
  - peer key
- Which: once established
  - session key

Shared secret keys

- Group key: certificate NOT cached
  - Shared by all neighbours
  - Manually Configured
- Peer key: certificate cached
  - Shared only by 2 peers
  - Fixed across connection
  - derived from the shared diffie hellman secret
- Session key:
  - Shared only by 2 peers
  - derived from the shared diffie hellman secret and data specific to the connection (cookies)

Neigh. Discovery

- Why: smooth interaction with plainARP
- Aim: Which node supports ARPsec
- How: Marked plainARP request

Ndisc: exchange

- Role of the Initiator and Responder ?
- Packet retransmission
  - who: initiator
  - how
- Postpone the context creation in the responder
  - no DoS based on memory usage
- Why the burden on the initiator ?

Ndisc: packets

[Diagram: Initiator, Responder; messages: Marked plainARP request, ARPsec-support]

Ndisc: marked req.

- Requirement: to be recognized as an ARPsec node
- Problem: no option field in plainARP's packet
- Solution: a kludge, i.e. copy the source address in the destination field.
- Pkt format:

[Diagram fragment: Target hardware address]

[Diagram fragment: Sign; Cert_i, attr_i, cky_r, cki_i, sign. Label: General and cookie]

Cookie

- Who: inspired from Karn and Simpson in photuris
- Why:
  - not to create a connection with replayed packet.
  - Not to create a context in the responder
  - randomize the sessions keys
- How:
  - Secret issued on boot
  - a counter to avoid replay
  - HMAC(secret, source addr | target addr | counter )

Key exchange

[Diagram: Initiator, Responder; messages: Cky_i; Cert_r, attr_r, cky_r, cki_i; Sign; Cert_i, attr_i, cky_r, cki_i, sign. Label: Certificate. Annotations: Send responder's certificate; Send initiator's certificate]

Certificates

- What is a certificate ?
  - Need true data
  - Signed by a trusted authority
- Hierarchy of authority
  - Unusual because of the ARP nature
- Authority public key configured in the nodes

Cert: format

- Public key information
  - g**x mod n
  - diffie-hellman group
- List of addresses
  - hardware
  - protocol
- Unable to claim an illegal address

Key exchange

[Diagram: Initiator, Responder; messages: Cky_i; Cert_r, attr_r, cky_r, cki_i; Sign; Cert_i, attr_i, cky_r, cki_i, sign. Label: Attributes. Annotations: Attribute from policy; Attribute negotiation]

Attributes

- Which: Hash function, time to live etc...
- the responder lists propositions
- the initiator replies with its favorite
- Proposition's language inspired from IKE

Key exchange

[Diagram: Initiator, Responder; messages: Cky_i; Cert_r, attr_r, cky_r, cki_i; Sign; Cert_i, attr_i, cky_r, cki_i, sign. Label: Sign and DoS. Annotations: Sign with session key (twice)]

Rate limiter

- Who: inspired from BGP route dampening
- Why: To reduce DoS based on CPU consumption
- How: a variable (penalty) and 5 tunable values:
  - OperationCost
  - CoolDownPeriod
  - CoolDownValue
  - HighThreshold
  - LowThreshold

Rate limiter (algo)

- Algorithm:
  - Each operation => penalty += operationCost
  - Every CoolDownPeriod, penalty -= CoolDownValue
  - If penalty > HighThreshold, ignore new operations
  - If penalty < LowThreshold, perform new operations
- Threshold allows burst
- avoid frequent switching between ignore/perform

Peer unreachability detection

- Why:
  - Notify the upper layer that the peer is unreachable
  - When it is back, the session keys are obsolete
- How: Wait for cache entry expiration (plainARP) ?
  - Termination token (faster when the host is back)
  - Heartbeat using multicast to reduce the traffic

Unreach. Detection: termination token

- What: a special packet stored at connection establishment
- When: sent in reply if the node receives packets with obsolete keys.
- no timeout so faster than heartbeat in some cases

Unreach. Detection: Heartbeat

- Destination address: multicast
- Authentication and integrity via hash chain
- Timeout tech: less bandwidth than cache expiration
  - unicast: from O(n) to O(n*n) with n hosts
  - multicast: O(n)

Fragmentation

- Why useless in plainARP ?
- Usual MTU 1500 byte
- IPv6 minMTU = 1280 byte
- AX25 MTU = 256 byte
- netrom MTU = 128 byte
- Similar to IPv4 fragmentation (queue and ttl)
  - Except fragmentation before authentication (avoid DoS based on the queue algorithm)

Gratuitous ARP

- What: an ARP request asking for its own address
- Why: strange but
  - detection of address duplication
  - update plainARP cache (address takeover)
- possible in ARPSec ?
  - Address duplication is the same
  - cache update is ok if: the old owner shuts down gracefully OR if the new owner has an ARPsec connection to the node.

Usefulness

- Secure because local ?
  - OSPF, RIP, VRRP
- Local attacker so easy to track down ?
  - Assumed true ?
  - After the damage done

Usefulness

- ARPsec isn't end-to-end
  - how frequent are local attacks ?
- IPSec/SSL are end-to-end
  - don't replace them
  - intend to complete them
- Any protocol using ARP is vulnerable

Future work

- Complete it (code/spec)
- List all incompatibilities (e.g. Gratuitous arp)
- ARPke uses secret key for authentication (a la kerberos)
  - require a server (single point of failure, duplication for HA reduces the security)
- Secure rarp and iarp ?

Conclusion

- ARP security is weak
- ARPSec (hopefully :) guarantees the cache content
- Not yet fully specified
- Not yet reviewed