Re: [Dots] draft-ietf-dots-signal-channel-33

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Thu, 16 May 2019 04:15 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: MeiLing Chen <chenmeiling@chinamobile.com>, "mohamed.boucadair" <mohamed.boucadair@orange.com>
CC: dots <dots@ietf.org>
Date: Thu, 16 May 2019 04:15:11 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/Fgl0aulCD-akJss70HvK9-yBfso>

Enterprise networks typically have an on-premise DDoS mitigation system to scrub traffic (please see the use cases discussed in https://tools.ietf.org/html/draft-ietf-dots-use-cases-17).

Cheers,
-Tiru

From: MeiLing Chen <chenmeiling@chinamobile.com>
Sent: Thursday, May 16, 2019 7:58 AM
To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>; mohamed.boucadair <mohamed.boucadair@orange.com>
Cc: dots <dots@ietf.org>
Subject: Re: RE: draft-ietf-dots-signal-channel-33

Hi Tiru,

The DDoS Detector, by scrubbing the traffic, identifies the target and protocols used to attack the victim (e.g. if it is a slowloris attack, the protocol number will be TCP (and in future UDP with QUIC)).
 [Meiling] "target-protocol" is contained in the mitigation request as an optional parameter. When the DOTS client first sends a mitigation request to the DOTS server, it is just a warning of a suspected attack; the attack has not been scrubbed. What is the "DDoS Detector"? And is it capable of detecting and disposing of a DDoS attack?


From: MeiLing Chen <chenmeiling@chinamobile.com>
Sent: Wednesday, May 15, 2019 2:39 PM
To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>; mohamed.boucadair <mohamed.boucadair@orange.com>
Cc: dots@ietf.org
Subject: draft-ietf-dots-signal-channel-33


Hi Tiru, Med;

I read draft-ietf-dots-signal-channel-33 and I have a question about the target-protocol parameter:


target-protocol:  A list of protocols involved in an attack.  Values
      are taken from the IANA protocol registry [proto_numbers].
      If 'target-protocol' is not specified, then the request applies to
      any protocol.

Question: how can the attack-target detect the protocols involved in an attack?
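
The quoted 'target-protocol' definition, worked through as an added example that is not part of the original thread or of the draft: it shows how a receiver could interpret the parameter, treating an absent 'target-protocol' as "any protocol" and rejecting values outside the IANA protocol number range. The dictionary layout, the 'target-prefix' key, the function names and the choice to reject an empty list are assumptions of this example.

```python
# Added example (not from the thread or the draft): interpreting the optional
# 'target-protocol' list of a mitigation scope. Layout and names are assumed.

IANA_PROTO_MAX = 255  # IANA protocol numbers fit the 8-bit IP protocol field


def protocol_filter(scope):
    """Return None if the scope applies to any protocol, otherwise a
    frozenset of the IANA protocol numbers listed in 'target-protocol'."""
    if "target-protocol" not in scope:
        return None  # not specified: the request applies to any protocol
    values = scope["target-protocol"]
    # Assumption of this example: an empty list is ambiguous, so reject it.
    if not isinstance(values, list) or not values:
        raise ValueError("target-protocol must be a non-empty list")
    for v in values:
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(v, bool) or not isinstance(v, int) \
                or not 0 <= v <= IANA_PROTO_MAX:
            raise ValueError(f"not an IANA protocol number: {v!r}")
    return frozenset(values)


def in_scope(scope, packet_proto):
    """True if a packet with this IP protocol number is covered by the scope."""
    allowed = protocol_filter(scope)
    return allowed is None or packet_proto in allowed


# Constructed sample scopes (documentation address, not real traffic).
SCOPE_TCP_ONLY = {"target-prefix": ["192.0.2.10/32"], "target-protocol": [6]}
SCOPE_ANY = {"target-prefix": ["192.0.2.10/32"]}


def demo():
    """Map each constructed flow to (covered by TCP-only, covered by any)."""
    flows = [("tcp", 6), ("udp", 17), ("icmp", 1)]
    return {name: (in_scope(SCOPE_TCP_ONLY, num), in_scope(SCOPE_ANY, num))
            for name, num in flows}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```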