Re: [77attendees] Bar BoF: ip traceback

Ingemar Johansson S <ingemar.s.johansson@ericsson.com> Thu, 25 March 2010 18:45 UTC

From: Ingemar Johansson S <ingemar.s.johansson@ericsson.com>
To: Yoav Nir <ynir@checkpoint.com>, Chris Morrow <morrowc@google.com>
Date: Thu, 25 Mar 2010 19:45:56 +0100
Cc: "77attendees@ietf.org" <77attendees@ietf.org>

Hi

I may be a bit off here but anyway..
DDoS mitigation has been discussed as an application for Congestion Exposure (ConEx).
Links to the proposed charter and some problem description text are found at
http://www.ietf.org/proceedings/10mar/agenda/conex.txt
The first BoF session was yesterday, the 2nd session is today 15.10 to 16.10 in California B
I am particularly interested in comments as regards in what way ConEx can be used in DoS and DDoS mitigation.

PS, ConEx was BoFed already in Hiroshima but is re-BoFed this week

Regards 
Ingemar


> -----Original Message-----
> From: 77attendees-bounces@ietf.org 
> [mailto:77attendees-bounces@ietf.org] On Behalf Of Yoav Nir
> Sent: den 25 mars 2010 11:16
> To: Chris Morrow
> Cc: 77attendees@ietf.org
> Subject: Re: [77attendees] Bar BoF: ip traceback
> 
> On Mar 25, 2010, at 10:49 AM, Chris Morrow wrote:
> 
> > On Thu, Mar 25, 2010 at 10:40 AM, Yoav Nir <ynir@checkpoint.com> wrote:
> >> 
> >> On Mar 25, 2010, at 9:46 AM, Jari Arkko wrote:
> >>>> My own, personal conclusion was that this was interesting and has potential. There *is* work to be done (two different versions that they wrote did not interoperate properly) and since success requires wide adoption by ISPs, I believe that the IETF is probably the right place for this. But these are just my personal opinions, and I have no idea if we can get enough people to actually work on this.
> >>>> 
> >>>> I suggest that the correct next step is for the authors to contact one or more ADs. Though this seems directly related to security, the fact that this would be a protocol that would run between AS edge routers, it could fall to other areas as well. So I think the next step should be scheduling a BoF for next IETF, and making sure that the right people are there.
> >>>> 
> >>> 
> >>> The question in my mind is: is the world interested in this technology. Previous IETF efforts in traceback failed IMO due to lack of operator/vendor interest. We should not create new efforts unless that interest surges again. Is it surging, and if so, why?
> >>> 
> >>> Jari
> >> 
> >> We've heard that attack packets now take up a significant portion of
> >> the traffic on the Internet. Specifically members of bot-nets create
> >> congestion for ISPs. There is a chance
> > 
> > where is this statistic? as near as I know/recall it's nowhere near
> > 'significant portion' in general. Certainly there are times when
> > individual links see this as the case (mostly edge/customer links).
> 
> I've heard it in some talks. There's also this, but it's not 
> based on statistics:
> http://sparrow.ece.cmu.edu/group/pub/studer_esorics09.pdf
> 
> Of course it makes sense that a DDoS attack against a 
> particular network will cause congestion at the ISP serving 
> that network, so the ISP may be interested in cooperating 
> with other ISPs to detect the bots who may participate in 
> such an attack.
> 
> > 
> >> that now they would be more interested in deploying traceback
> >> technology than in the past, when Internet attacks were a problem only for the end users.
> > 
> > probably not, no... the traceback options from the past nearly all had
> > significant penalties on the routing equipment in the network, that
> > was a showstopper then, and will be today.
> > 
> >> We have at least anecdotal evidence of such interest, in that 15 Japanese ISPs have agreed to participate in this experiment on their production networks. This must count for something.
> >> 
> >> 
> >> Anyway, a BoF with the relevant people present is, IMO, the best way to gauge the interest.
> >> 
> >> So the next steps are to set up a BoF for IETF 78, and to set up a 
> >> mailing list, where hopefully we can hear from the operators.
> > 
> > hopefully announce it early :) I'd love to attend.
> 
> Me too.