Re: [Dots] WGLC for draft-dots-use-cases-19

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Tue, 06 August 2019 08:14 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, "Valery Smyslov" <valery@smyslov.net>, "dots@ietf.org" <dots@ietf.org>
CC: "Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com>
Date: Tue, 6 Aug 2019 08:14:06 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/KFl2r4stb4VG9Og7h1SWZBE1eYk>

Hi Med,

No, the orchestrator is not ignoring the mitigation hints. It is sending filtering rules to block or rate-limit traffic to routers (last but one line in the new paragraph). The adverse impact is that legitimate users whose IP addresses were spoofed cannot access the services of the target server.

Cheers,
-Tiru

> -----Original Message-----
> From: mohamed.boucadair@orange.com
> <mohamed.boucadair@orange.com>
> Sent: Tuesday, August 6, 2019 12:50 PM
> To: Konda, Tirumaleswar Reddy
> <TirumaleswarReddy_Konda@McAfee.com>; Valery Smyslov
> <valery@smyslov.net>; dots@ietf.org
> Cc: Xialiang (Frank, Network Standard & Patent Dept)
> <frank.xialiang@huawei.com>
> Subject: RE: [Dots] WGLC for draft-dots-use-cases-19
> 
> Hi Tiru,
> 
> The NEW text indicates the following:
> 
> ==
>    In addition to the above DDoS Orchestration, the selected DDoS
>    mitigation systems can return back a mitigation request to the
>    orchestrator as an offloading.
>                      ^^^^^^^^^^^
>    ....
>    the DDoS mitigation system can send mitigation requests
>    with additional hints such as its blocked traffic information to the
>                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^
>    orchestrator.
> ==
> 
> Which means that the DMS is blocking that traffic based on "some"
> information. That same information is passed to an orchestrator so that it can
> filter the traffic. What changes is ** how/where ** filters are installed.
> 
> Like the interface with a mitigator, the interface between the controller and
> underlying routers is out of scope.
> 
> From a DOTS perspective, the information supplied by the DMS to an
> Orchestrator is considered as "additional hints" which is adhering to RFC8612:
> 
> ==
>    GEN-004  Mitigation Hinting: DOTS clients may have access to attack
>       details that can be used to inform mitigation techniques.  Example
>       attack details might include locally collected fingerprints for an
>       on-going attack, or anticipated or active attack focal points
>       based on other threat intelligence.  DOTS clients MAY send
>       mitigation hints derived from attack details to DOTS servers, with
>       the full understanding that the DOTS server MAY ignore mitigation
>       hints.
> ==
> 
> I don't think there are new security considerations induced by the NEW text.
> 
> Cheers,
> Med
> 
> > -----Original Message-----
> > From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Konda, Tirumaleswar Reddy
> > Sent: Tuesday, 6 August 2019 08:52
> > To: Valery Smyslov; dots@ietf.org
> > Cc: Xialiang (Frank, Network Standard & Patent Dept)
> > Subject: Re: [Dots] WGLC for draft-dots-use-cases-19
> >
> > The security implications of the new use case need to be discussed in
> > the draft, please see
> > https://mailarchive.ietf.org/arch/msg/dots/tb-1ojJ6TmSmRUci6JoUeD-gB1Y
> >
> > Cheers,
> > -Tiru
> >
> > > -----Original Message-----
> > > From: Dots <dots-bounces@ietf.org> On Behalf Of Valery Smyslov
> > > Sent: Tuesday, August 6, 2019 11:56 AM
> > > To: dots@ietf.org
> > > Cc: Xialiang (Frank, Network Standard & Patent Dept)
> > > <frank.xialiang@huawei.com>
> > > Subject: [Dots] WGLC for draft-dots-use-cases-19
> > >
> > >
> > >
> > > Hi,
> > >
> > > this message starts a short WGLC for draft-ietf-dots-use-cases-19 to
> > > confirm the WG consensus regarding the latest addition of a new use
> > > case to the draft.
> > > The WGLC will last one week and will end on Tuesday, 13 August.
> > >
> > > Regards,
> > > Frank & Valery.
> > >
> > > _______________________________________________
> > > Dots mailing list
> > > Dots@ietf.org
> > > https://www.ietf.org/mailman/listinfo/dots