Interloper break in the server via the captured client #281
Conversation
I have fear about that the knocker and visitor are not the same guy when I open the door to SPA server, and protected private sevice behind the server will be exposed to the knocker from a captured client ,in this case it could be hightly dangerous
|
The primary "source of truth" is what is encoded in the SPA message. This allows fwknop to support use cases such as using the fwknop to open a service for access from a client on a seemingly totally unrelated network. It also allows for a client to spoof the source IP. Or both in combination. Note that the access is granted to the IP that is encrypted within the SPA payload, and this is "known good" since it is authenticated (HMAC should always be used), so in a very real sense it doesn't matter what the source IP is in the SPA packet IP header. Now, what we could do is add a new optional feature to have fwknopd check to see whether the source iP on the SPA packet IP header is the same as what is encrypted with the packet. This would need a configuration variable added to fwknopd. This is in the spirt of what you have submitted, but just extended to support the above too. |
I have fear about that the knocker and visitor are not the same guy when I open the door to SPA server, and protected private sevice behind the server will be exposed to the knocker from a captured client ,in this case it could be hightly dangerous