[OLSR-users] Rescue access

Ignacio García Pérez (spam-protected)
Fri Apr 8 18:18:12 CEST 2005


> I too am concerned about the need to rescue nodes which may be
> inaccessible physically.  I plan to deploy a fair number of WRTs.
>
> Is it possible that the rescue should be at the application level rather
> than the packet level.  I was thinking of a plugin similar to what
> Ignacio proposes, but once the machine receives the packet, it simply
> saves url somewhere, possibly in nvram.  Then when it is convenient,
> that is when there is no traffic through the node, the node can take
> itself off-line for routing traffic, set up a tun, and contact the url
> where a web service is running.
>
> The web service can do whatever is necessary to the node: diagnose,
> repair, update, or activate an interactive session through a protocol of
> your choice over a port of your choice.  The last command of the session
> can be to reboot.

Instead of a plugin, an independent daemon is preferred, so it will still
work even if olsrd segfaults or something really weird.

The "rescue" process itself may be whatever you want and very specific to
your application. The daemon would just provide the network access.

In your case, you can use the networking provided by the daemon to connect
to another daemon that would be the one responsible for receiving, storing,
and scheduling the url connection for later.

This would be more modular.

> Security would still be an issue.  We need to prevent an attacker from
> being able to set that url.

Why not just use SSH? The networking rescue daemon will just let you
connect to the node. To what and how you connect is your choice. You can
even just execute a command via SSH that will store and schedule the URL,
you don't even need a secondary daemon for that.

My only concern is restricting access to the network "flood" functionality
which is basically what the rescue daemon would provide. It would be
extremely easy to issue a DOS attack against the network if any node is
willing to make the flood for anyone.

Since you can actually encrypt the data stream by using SSH or SSL over the
"flood" network, all we actually need is authorization. Only certain packets
must be flooded.

The first method that comes to mind is RSA signing every packet. It would
impose a large overhead per packet, and would probably not be worth it, because
every node would need to know both the public and private keys (as long as
it sends messages, it needs to sign them). So, asymmetry is not worth it. Any
ideas on a symmetric crypt method?

Nacho.
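
One symmetric option for the per-packet authorization asked about above is a keyed MAC (HMAC) over each flood packet, checked by every node before it re-floods. The sketch below is an added example, not part of the original post and not olsrd code; the packet layout (origin id, sequence number, payload, truncated tag), the names seal and FloodGate, and the 16-byte tag length are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16                   # truncated HMAC-SHA256 tag, in bytes (assumed size)
HDR = struct.Struct("!IQ")     # hypothetical header: origin id, sequence number


def seal(key: bytes, origin: int, seq: int, payload: bytes) -> bytes:
    """Build a flood packet: header | payload | tag."""
    body = HDR.pack(origin, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class FloodGate:
    """Per-node check run before a received packet is re-flooded."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}     # origin id -> highest sequence number accepted

    def accept(self, packet: bytes):
        """Return the payload if the packet may be flooded, else None."""
        if len(packet) < HDR.size + TAG_LEN:
            return None        # too short to carry header and tag
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, good):
            return None        # not authorized: drop, never forward
        origin, seq = HDR.unpack_from(body)
        if seq <= self.last_seq.get(origin, -1):
            return None        # replay or duplicate: already flooded once
        self.last_seq[origin] = seq
        return body[HDR.size:]


if __name__ == "__main__":
    key = bytes(range(32))     # constructed sample key, not a real secret
    gate = FloodGate(key)
    pkt = seal(key, origin=7, seq=1, payload=b"rescue: open ssh")
    print(gate.accept(pkt))                      # authorized, flooded
    print(gate.accept(pkt))                      # same packet again, dropped
    print(gate.accept(seal(b"x" * 32, 7, 2, b"junk")))   # wrong key, dropped
```

The sequence check keeps a captured valid packet from being replayed to trigger repeated floods, at the cost of dropping packets from one origin that arrive out of order. With a single shared key, any node that holds it can produce valid packets, so a compromised node means re-keying the network.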