Securing the Control-plane Channel and Cache of Pull-based ID/LOC Protocols

03/22/2018
by   Paul Almasan, et al.
0

Pull-based ID/LOC split protocols, such as LISP (RFC6830), retrieve mappings from a mapping system to encapsulate and forward packets. This is done by means of a control-plane channel. In this short paper we describe three attacks against this channel (Denial-of-Service and overflowing) as well as the against the local cache used to store such mappings. We also provide a solution against such attacks that implements a per-source rate-limiter using a Count-Min Sketch data-structure.

READ FULL TEXT

Please sign up or login with your details

Forgot password? Click here to reset