kprop with multiple or NATted IP address

Greg Hudson ghudson at mit.edu
Thu Dec 24 00:21:19 EST 2015


On 12/23/2015 03:50 PM, Jerry Shipman wrote:
> Is there a way to do what I’m trying to do?
> Or, is there a reason that it is dangerous to avoid verifying that IP match, and I shouldn’t try to work around it?

The only really useful purpose of checking addresses is preventing
reflection attacks, where an attacker takes a KRB-PRIV or KRB-SAFE
message from one of the parties and sends it back to them as if it came
from the other party.  Many protocols aren't susceptible to reflection
attacks because they don't use similar formats for requests and
responses.  After verifying that the kprop protocol isn't vulnerable, we
could probably make changes similar to the ones we made to kpasswd to
allow it to work over NATs.

(Protocols using GSS don't have this problem because GSS tokens only use
direction bits, not addresses.  Well, unless they use IP address channel
bindings, which isn't common.)
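The reflection problem and the two checks contrasted above (embedded addresses versus GSS-style direction bits), modelled as an added example that is not part of this thread or of MIT krb5. The message layout, session key and IP addresses are constructed for illustration; only the shape of each check follows the discussion.

```python
import hmac
import hashlib

# Constructed sample session key (a real KRB-SAFE checksum is keyed with the
# session key from the AP exchange; the check itself has the same shape).
KEY = b"constructed-session-key-for-demo"
INITIATOR, ACCEPTOR = 0, 1

def _mac(*parts: bytes) -> bytes:
    """Keyed checksum over length-prefixed fields."""
    h = hmac.new(KEY, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

def make_msg(payload: bytes, s_addr: str, r_addr: str, direction: int) -> dict:
    """Simplified KRB-SAFE-like message: payload, sender/receiver addresses and a
    direction bit (0 = initiator->acceptor, 1 = acceptor->initiator), all covered
    by the checksum. Requests and replies share this one format, which is exactly
    what makes a reflection possible if nothing distinguishes them."""
    mac = _mac(payload, s_addr.encode(), r_addr.encode(), bytes([direction]))
    return {"payload": payload, "s_addr": s_addr, "r_addr": r_addr,
            "direction": direction, "cksum": mac}

def mac_ok(msg: dict) -> bool:
    expected = _mac(msg["payload"], msg["s_addr"].encode(),
                    msg["r_addr"].encode(), bytes([msg["direction"]]))
    return hmac.compare_digest(expected, msg["cksum"])

def verify_addresses(msg: dict, my_addr: str, observed_peer: str) -> bool:
    """Address check: checksum valid AND the embedded addresses match the
    endpoints as this host observes them. Breaks behind a NAT."""
    return mac_ok(msg) and msg["s_addr"] == observed_peer and msg["r_addr"] == my_addr

def verify_direction(msg: dict, my_role: int) -> bool:
    """Direction-bit check (GSS style): checksum valid AND the message claims to
    come from the other role, so our own message bounced back is rejected."""
    return mac_ok(msg) and msg["direction"] != my_role

def demo() -> dict:
    client, server, nat = "10.0.0.5", "192.0.2.10", "198.51.100.7"  # constructed
    req = make_msg(b"kprop-style request", client, server, INITIATOR)
    return {
        "server_accepts": verify_addresses(req, my_addr=server, observed_peer=client),
        # reflection: the same bytes return to the client as if the server sent them
        "reflection_mac_only": mac_ok(req),
        "reflection_addr_check": verify_addresses(req, my_addr=client, observed_peer=server),
        "reflection_direction_check": verify_direction(req, my_role=INITIATOR),
        # NAT: the server observes the translated source address, not 10.0.0.5
        "nat_addr_check": verify_addresses(req, my_addr=server, observed_peer=nat),
        "nat_direction_check": verify_direction(req, my_role=ACCEPTOR),
    }
```

The checksum alone accepts the reflected message; the address check rejects it but also rejects the legitimate NATted client, while the direction bit rejects the reflection and still works through the NAT.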


More information about the Kerberos mailing list