Re: [Dots] Secdir last call review of draft-ietf-dots-signal-channel-30

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Fri, 15 March 2019 14:01 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
CC: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-dots-signal-channel.all@ietf.org" <draft-ietf-dots-signal-channel.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "dots@ietf.org" <dots@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/953_Gmsyfwl-JtrN3pFS4wxwDOc>

> -----Original Message-----
> From: Michael Richardson <mcr+ietf@sandelman.ca>
> Sent: Friday, March 15, 2019 6:52 PM
> To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>
> Cc: mohamed.boucadair@orange.com; Stephen Farrell
> <stephen.farrell@cs.tcd.ie>; secdir@ietf.org;
> draft-ietf-dots-signal-channel.all@ietf.org; ietf@ietf.org; dots@ietf.org
> Subject: Re: Secdir last call review of draft-ietf-dots-signal-channel-30
> 
> 
> Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com> wrote:
>     > Stephen is referring to an attack where a compromised DOTS client
>     > initiates mitigation request for a target resource that is attacked and
>     > learns the mitigation efficacy of the DOTS server, informs the
>     > mitigation efficacy to DDoS attacker to change the DDoS attack
>     > strategy.
> 
> Is there a word for an infantry troop who goes behind enemy lines in order
> to communicate how well the artillery is?  I guess a modern form is these laser
> targeted missiles, where the target is "painted".
> 
> I don't know if there are words for this kind of thing, but this would seem to
> describe the situation.
> 
>     > We can add the following lines to address his comment:
> 
>     > A compromised DOTS client can collude with a DDoS attacker to send
>     > mitigation request for a target resource, learns the mitigation
>     > efficacy from the DOTS server, and conveys the efficacy to the DDoS
>     > attacker to learn the mitigation capabilities of the DDoS mitigation
>     > and to possibly change the DDoS attack strategy. This attack can be
>     > prevented by auditing the behavior of DOTS clients and authorizing the
>     > DOTS client to request mitigation for specific target resources.
> 
> If a resource is already under attack, there are already mitigation requests for
> that target, can a compromised DOTS client learn anything by requesting
> mitigation on the same target?

I meant the scenario where the compromised DOTS client initiates the mitigation request before the legitimate DOTS client sends the mitigation request to the DOTS server. DOTS clients are typically trusted devices like Firewalls/IPS, DDoS mitigators/detectors. In future, application servers and endpoints can act as DOTS clients.

-Tiru

> 
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works  -
> = IPv6 IoT consulting =-