Re: [77attendees] Bar BoF: ip traceback
Ingemar Johansson S <ingemar.s.johansson@ericsson.com> Thu, 25 March 2010 18:45 UTC
Return-Path: <ingemar.s.johansson@ericsson.com>
X-Original-To: 77attendees@core3.amsl.com
Delivered-To: 77attendees@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C15153A6993 for <77attendees@core3.amsl.com>; Thu, 25 Mar 2010 11:45:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.209
X-Spam-Level:
X-Spam-Status: No, score=-0.209 tagged_above=-999 required=5 tests=[AWL=1.260, BAYES_00=-2.599, DNS_FROM_OPENWHOIS=1.13]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CorVZOBJEmDF for <77attendees@core3.amsl.com>; Thu, 25 Mar 2010 11:45:49 -0700 (PDT)
Received: from mailgw9.se.ericsson.net (mailgw9.se.ericsson.net [193.180.251.57]) by core3.amsl.com (Postfix) with ESMTP id 94BB83A6B83 for <77attendees@ietf.org>; Thu, 25 Mar 2010 11:45:43 -0700 (PDT)
X-AuditID: c1b4fb39-b7b85ae000005cbc-03-4babaf6c5371
Received: from esessmw0197.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw9.se.ericsson.net (Symantec Brightmail Gateway) with SMTP id 16.D8.23740.C6FABAB4; Thu, 25 Mar 2010 19:46:04 +0100 (CET)
Received: from ESESSCMS0356.eemea.ericsson.se ([169.254.2.100]) by esessmw0197.eemea.ericsson.se ([153.88.115.87]) with mapi; Thu, 25 Mar 2010 19:46:04 +0100
From: Ingemar Johansson S <ingemar.s.johansson@ericsson.com>
To: Yoav Nir <ynir@checkpoint.com>, Chris Morrow <morrowc@google.com>
Date: Thu, 25 Mar 2010 19:45:56 +0100
Thread-Topic: [77attendees] Bar BoF: ip traceback
Thread-Index: AcrMRzawmNqVhN4oTtyAoZ5O8KHDCwAAw9hg
Message-ID: <548FC4B9D57A4043AAFFE888A39429031D01FA5A11@ESESSCMS0356.eemea.ericsson.se>
References: <4BA8BCE3.5020309@is.naist.jp> <4BA95B6A.5040707@is.naist.jp> <4BAB0464.2010307@is.naist.jp> <4BAB7A4D.7070904@piuha.net> <8133D17D-D9B6-40A6-AE9B-80BF90A5223D@checkpoint.com> <4BAB936E.6010307@piuha.net> <C3960BE0-9093-4863-8AAE-62BEAB197E6D@checkpoint.com> <c7cec2131003251049q7c5da6d1i9d0bd94cf9a8ec9@mail.gmail.com> <BDC8FFC0-FD16-47FF-AEBE-68A97FB8694F@checkpoint.com>
In-Reply-To: <BDC8FFC0-FD16-47FF-AEBE-68A97FB8694F@checkpoint.com>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: sv-SE, en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: AAAAAA==
Cc: "77attendees@ietf.org" <77attendees@ietf.org>
Subject: Re: [77attendees] Bar BoF: ip traceback
X-BeenThere: 77attendees@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <77attendees.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/77attendees>, <mailto:77attendees-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/77attendees>
List-Post: <mailto:77attendees@ietf.org>
List-Help: <mailto:77attendees-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/77attendees>, <mailto:77attendees-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Mar 2010 18:45:50 -0000
Hi I may be a bit off here but anyway.. DDoS mitogation has been discussed as application for Congetsion Exposure (ConEx). Links to the proposed charter and some problem description text is found at http://www.ietf.org/proceedings/10mar/agenda/conex.txt The first BoF session was yesterday, the 2nd session is today 15.10 to 16.10 in California B I am particularly interested in comments as reagards in what way ConEx can be used in DoS ad DDoS mitigation. PS, ConEx was BoFed already in Hiroshima but is re-BoFed this week Regards Ingemar > -----Original Message----- > From: 77attendees-bounces@ietf.org > [mailto:77attendees-bounces@ietf.org] On Behalf Of Yoav Nir > Sent: den 25 mars 2010 11:16 > To: Chris Morrow > Cc: 77attendees@ietf.org > Subject: Re: [77attendees] Bar BoF: ip traceback > > On Mar 25, 2010, at 10:49 AM, Chris Morrow wrote: > > > On Thu, Mar 25, 2010 at 10:40 AM, Yoav Nir > <ynir@checkpoint.com> wrote: > >> > >> On Mar 25, 2010, at 9:46 AM, Jari Arkko wrote: > >>>> My own, personal conclusion was that this was > interesting and has potential. There *is* work to be done > (two different versions that they wrote did not interoperate > properly) and since success requires wide adoption by ISPs, I > believe that the IETF is probably the right place for this. > But these are just my personal opinions, and I have no idea > if we can get enough people to actually work on this. > >>>> > >>>> I suggest that the correct next step is for the authors > to contact one or more ADs. Though this seems directly > related to security, the fact that this would be a protocol > that would run between AS edge routers, it could fall to > other areas as well. So I think the next step should be > scheduling a BoF for next IETF, and making sure that the > right people are there. > >>>> > >>> > >>> The question in my mind is: is the world interested in > this technology. Previous IETF efforts in traceback failed > IMO due to lack of operator/vendor interest. We should not > create new efforts unless that interest surges again. Is it > surging, and if so, why? > >>> > >>> Jari > >> > >> We've heard that attack packets now take up a significant > portion of > >> the traffic on the Internet. Specifically members of > bot-nets create > >> congestion for ISPs. There is a chance > > > > where is this statistic? as near as I know/recall it's no > where near > > 'significant portion' in general. Certainly there are times when > > individual links see this as the case (mostly edge/customer links). > > I've heard it in some talks. There's also this, but it's not > based on statistics: > http://sparrow.ece.cmu.edu/group/pub/studer_esorics09.pdf > > Of course it makes sense that a DDoS attack against a > particular network will cause congestion at the ISP serving > that network, so the ISP may be interested in cooperating > with other ISPs to detect the bots who may participate in > such an attack. > > > > >> that now they would be more interested in deploying traceback > >> technology than in the past, when Internet attacks were a > problem only for the end users. > > > > probably not, no... the traceback options from the past > nearly all had > > significant penalties on the routing equipment in the network, that > > was a showstopper then, and will be today. > > > >> We have at least anecdotal evidence of such interest, in > that 15 Japanese ISPs have agreed to participate in this > experiment on their production networks. This must count for > something. > >> > >> > >> Anyway, a BoF with the relevant people present is, IMO, > the best way to gauge the interest. > >> > >> So the next steps are to set up a BoF for IETF 78, and to set up a > >> mailing list, where hopefully we can hear from the operators. > > > > hopefully announce it early :) I'd love to attend. > > Me too. > _______________________________________________ > 77attendees mailing list > 77attendees@ietf.org > https://www.ietf.org/mailman/listinfo/77attendees >
- [77attendees] Bar BoF: ip traceback Hiroaki Hazeyama
- Re: [77attendees] Bar BoF: ip traceback Hiroaki Hazeyama
- Re: [77attendees] Bar BoF: ip traceback Hiroaki Hazeyama
- Re: [77attendees] Bar BoF: ip traceback Jari Arkko
- Re: [77attendees] Bar BoF: ip traceback Yoav Nir
- Re: [77attendees] Bar BoF: ip traceback Jari Arkko
- Re: [77attendees] Bar BoF: ip traceback Hiroaki Hazeyama
- Re: [77attendees] Bar BoF: ip traceback Yoav Nir
- Re: [77attendees] Bar BoF: ip traceback Chris Morrow
- Re: [77attendees] Bar BoF: ip traceback Yoav Nir
- Re: [77attendees] Bar BoF: ip traceback Chris Morrow
- Re: [77attendees] Bar BoF: ip traceback Ingemar Johansson S
- Re: [77attendees] Bar BoF: ip traceback Spencer Dawkins
- Re: [77attendees] Bar BoF: ip traceback Thomson, Martin
- Re: [77attendees] Bar BoF: ip traceback Spencer Dawkins
- [77attendees] Ad hoc meetings (Was: Re: Bar BoF: … Jari Arkko
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Spencer Dawkins
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Brian E Carpenter
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Marc Blanchet
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… J.D. Falk
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Carl Williams
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Fred Baker
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Brian E Carpenter
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Fred Baker
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Lars Eggert
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Klaas Wierenga
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Scott Brim
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… joel.jaeggli
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Jari Arkko
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Carsten Bormann
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Joel M. Halpern
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Melinda Shore
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Carsten Bormann
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Joerg Ott
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Lars Eggert
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Lars Eggert
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Ingemar Johansson S
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Thomas Hardjono
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Dan Wing
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Randy Bush
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Eliot Lear
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Randy Bush
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Jeffrey Hutzelman
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Randy Bush
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Michael StJohns
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Henning Schulzrinne
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Scott Brim
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Brian E Carpenter
- Re: [77attendees] terminal room Tony Hansen
- Re: [77attendees] terminal room Al Morton
- Re: [77attendees] Ad hoc meetings (FCFS break out… Tony Hansen
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Spencer Dawkins
- Re: [77attendees] terminal room Hui Deng
- Re: [77attendees] terminal room David Morris
- Re: [77attendees] terminal room Tom Yu
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… joel.jaeggli
- Re: [77attendees] terminal room Ed Jankiewicz
- Re: [77attendees] terminal room Richard Barnes
- Re: [77attendees] terminal room Ted Lemon
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Scott Brim
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Marshall Eubanks
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Richard Barnes
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Stephan Wenger
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Melinda Shore
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… joel.jaeggli
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Ole Jacobsen
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Randy Bush
- Re: [77attendees] terminal room David Borman
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Marshall Eubanks
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Melinda Shore
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Marshall Eubanks
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Marshall Eubanks
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Geoff Thompson
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Stephan Wenger
- Re: [77attendees] terminal room Joerg Ott
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Stephen Farrell
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Joerg Ott
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Ingemar Johansson S
- Re: [77attendees] terminal room Dearlove, Christopher (UK)
- Re: [77attendees] terminal room Thomas Heide Clausen
- Re: [77attendees] terminal room Ingemar Johansson S
- Re: [77attendees] terminal room Randy Bush
- [77attendees] Note well? [Ad hoc meetings (Was: R… Brian E Carpenter
- Re: [77attendees] terminal room Yao Jiankang
- Re: [77attendees] terminal room Dmitry Burkov
- Re: [77attendees] terminal room Samuel Weiler
- Re: [77attendees] terminal room joel.jaeggli
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Jari Arkko
- Re: [77attendees] Ad hoc meetings (Was: Re: Bar B… Jeffrey Hutzelman