Re: [core] Consensus on using Echo to mitigate NoSec amplification?

Christian Amsüss <christian@amsuess.com> Mon, 02 March 2020 16:07 UTC

Date: Mon, 02 Mar 2020 17:06:27 +0100
From: Christian Amsüss <christian@amsuess.com>
To: Carsten Bormann <cabo@tzi.org>
Cc: Core <core@ietf.org>
Message-ID: <20200302160627.GB568382@hephaistos.amsuess.com>
References: <2554B0B8-1C32-453E-AB28-90AB61242450@tzi.org>
In-Reply-To: <2554B0B8-1C32-453E-AB28-90AB61242450@tzi.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/core/k3UgvR8yCiQWbInbYKrUu3iI6p8>
Subject: Re: [core] Consensus on using Echo to mitigate NoSec amplification?

On Tue, Feb 25, 2020 at 02:19:33PM +0100, Carsten Bormann wrote:
> Would the CoRE WG be fine with expanding the “updates 7252” text in
> draft-ietf-core-echo-request-tag to also include recommending this
> mitigation?  If you have a position on this, please reply to the list
> (or to the chairs) by March 2nd.

The current version stays as vague on what a larger response is as
RFC7252; I'd like to sharpen that when incorporating the above. My
current corner points are "a TCP SYN+ACK is 3 bytes larger than a SYN",
and that NTP had a factor-200 amplification built in earlier versions
(though that's probably UDP-only, and headers'd make that more like
factor-50).

Is there any guidance that could be referenced, e.g. an RFC that puts a
number to what constitutes an amplification attack vector? Even [RFC4732]
only talks of "significantly greater" packages.

Thanks
Christian

[RFC4732]: https://tools.ietf.org/html/rfc4732#section-3.1

-- 
Build a man a fire, and he'll be warm for a day. Set a man on fire, and
he'll be warm for the rest of his life.
  -- Terry Pratchett (attributed)
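As an added example that is not part of the message above nor of draft-ietf-core-echo-request-tag: a small Python model of how a CoAP server could quantify the amplification of a NoSec exchange, both at the application layer and on the wire (which is why a factor quoted for payloads alone shrinks once IP and UDP headers are counted), and decide whether to answer a request directly or first send an Echo challenge to an unverified client. The threshold, the header sizes assumed for the Echo challenge, and the message sizes in the demo are all assumptions chosen for the example; the draft itself fixes no number.

```python
"""Amplification bookkeeping for a CoAP NoSec server (illustrative only).

Not code from draft-ietf-core-echo-request-tag or from the mailing list
post; the numbers below are assumptions made for this example.
"""
from dataclasses import dataclass

# Lower-layer overhead per datagram: IP header plus the 8-byte UDP header.
UDP_IP_OVERHEAD = {4: 20 + 8, 6: 40 + 8}

# Assumed payload size of a minimal 4.01 response carrying only an Echo
# option: 4-byte CoAP header, 8-byte token, Echo option (1-byte header,
# 8-byte value). The exact size depends on the implementation.
ECHO_CHALLENGE_PAYLOAD = 4 + 8 + (1 + 8)

# Assumed policy threshold (placeholder): on-the-wire ratio above which an
# unverified client is challenged before the real response is sent.
AMPLIFICATION_THRESHOLD = 3.0


def wire_size(payload_len: int, ip_version: int = 4) -> int:
    """Bytes one datagram occupies on the wire, headers included."""
    return payload_len + UDP_IP_OVERHEAD[ip_version]


def amplification_factor(request_len: int, response_len: int,
                         ip_version: int = 4,
                         include_headers: bool = True) -> float:
    """Ratio of response size to request size.

    With include_headers=False this is the application-layer ratio; with
    headers counted it is what a reflected victim actually receives.
    """
    if include_headers:
        return (wire_size(response_len, ip_version)
                / wire_size(request_len, ip_version))
    return response_len / request_len


@dataclass
class Decision:
    action: str            # "send" the response, or "challenge" with Echo
    factor: float          # on-the-wire factor of the real response
    challenge_factor: float  # on-the-wire factor of the Echo challenge


def decide(request_len: int, response_len: int, client_verified: bool,
           ip_version: int = 4,
           threshold: float = AMPLIFICATION_THRESHOLD) -> Decision:
    """Decide whether a NoSec request may be answered directly.

    A client counts as verified once it has returned a fresh Echo value,
    proving it can receive traffic at the claimed source address.
    """
    factor = amplification_factor(request_len, response_len, ip_version)
    # The challenge is a fixed small message, so its factor is bounded
    # regardless of how large the requested resource is.
    challenge_factor = amplification_factor(request_len,
                                            ECHO_CHALLENGE_PAYLOAD,
                                            ip_version)
    if client_verified or factor <= threshold:
        return Decision("send", factor, challenge_factor)
    return Decision("challenge", factor, challenge_factor)


if __name__ == "__main__":
    # Constructed sizes: a 20-byte GET answered by a 4000-byte resource
    # representation (application-layer factor 200), and a 40-byte one.
    for req, resp in ((20, 4000), (20, 40)):
        d = decide(req, resp, client_verified=False)
        print(f"req={req}B resp={resp}B app-factor="
              f"{amplification_factor(req, resp, include_headers=False):.1f} "
              f"wire-factor={d.factor:.1f} -> {d.action} "
              f"(challenge factor {d.challenge_factor:.2f})")
```

The point the model makes visible is that the Echo challenge is a constant-size message, so answering an unverified client with it caps the reflected bytes at roughly one request's worth no matter how large the requested representation is, while the real response is only released to an address that has proven it can receive.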