% There has been a recent bit of scare mongering from Lucent about PPP
% over SONet/SDH over on the IETF-PPP list.
% Has anyone (that has deployed) been having incident reports?
-- End of excerpt from William Allen Simpson
There are known operational incidents where an adversary sent
an IP packet designed to set the SONET scrambling algorithm ["f(x)"]
to all zeros. This caused the SONET device to lose communications
syncronisation and the circuit to go down, requiring a manual reset.
Truly an ugly situation.
I've known about this issue ever since the PPP/SONET spec was
published, but have withheld public comment until someone else
mentioned the issue on a public list.
Cisco originally was going to implement a scrambler in its PPP/SONET
implementation (IOS folks like gmc definitely understood the issue),
but the cisco hardware types would not accept free clue and didn't
include the scrambler. Basically all the PPP/SONET implementations
I know about can be taken out with a single well-known (and
easily calculated) IP datagram.
I have not seen the Lucent proposal myself, so I'm not sure what
it looks like.
From time to time I've talked with a couple of folks at a small
networking startup in Mountain View about this issue. My suggestions
to them have been of the form below:
Add a scrambler algorithm to the PPP/SONET spec.
A reasonable approach to that scrambler might be something of
the general form:
X^^A + X^^B + C
^^ is the exponentiation operator
A,B are prime numbers with O(10) or larger.
(A > B)
C is a prime number other than 1.
Adding additional exponential terms might generally strengthen
the algorithm, but intuitively I believe that the above form
is a reasonable tradeoff between implementation complexity and
strength. It is crucial that the selected algorithm be checked
against the SONET scrambler. An early proposal for ATM-layer
scrambling (since fixed) had the property that it fought with the
At this point, an implementation would want to retain backward
compatibility with the deployed systems. Hence, I'd suggest
that implementers put in a knob letting administrators select
either "no PPP scrambling" or "PPP scrambling". Clearly *I* don't
want to buy products that have the vulnerability noted at the top.
PS: I'm not on the PPP or PPPSDH lists, so if folks on those lists
want me to see any followups, those folks will need to Cc: me
PPS: The followups list definitely will need trimming. Please
edit appropriately if you followup...