Re: [Dots] draft-ietf-dots-signal-channel-33

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Wed, 15 May 2019 13:00 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: MeiLing Chen <chenmeiling@chinamobile.com>, "mohamed.boucadair" <mohamed.boucadair@orange.com>
CC: "dots@ietf.org" <dots@ietf.org>
Date: Wed, 15 May 2019 13:00:09 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/Newnb-7qw6sU8NFXQjzS92x6NvQ>

The DDoS detector, by scrubbing the traffic, identifies the target and the protocols used to attack the victim (e.g., if it is a Slowloris attack, the protocol number will be TCP (and in future UDP with QUIC)).

Cheers,
-Tiru

From: MeiLing Chen <chenmeiling@chinamobile.com>
Sent: Wednesday, May 15, 2019 2:39 PM
To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>; mohamed.boucadair <mohamed.boucadair@orange.com>
Cc: dots@ietf.org
Subject: draft-ietf-dots-signal-channel-33


Hi Tiru, Med;

I read draft-ietf-dots-signal-channel-33, and I have a question about the target-protocol parameter:

target-protocol:  A list of protocols involved in an attack.  Values
      are taken from the IANA protocol registry [proto_numbers].
      If 'target-protocol' is not specified, then the request applies to
      any protocol.

Question: how can the attack target detect the protocols involved in an attack?
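
An added example, not part of the thread or the draft: one way a detector's classified flows could be reduced to the 'target-protocol' list discussed above, omitting the attribute when nothing is identified so the request applies to any protocol. The flow records, the `min_share` threshold and the function names are constructed for illustration, and the scope attributes other than target-protocol are assumptions of this sketch.

```python
from collections import Counter

# Constructed sample: flows a detector has already classified as attack
# traffic, as (destination, IANA IP protocol number, packets).
# 6 = TCP, 17 = UDP.
SAMPLE_ATTACK_FLOWS = [
    ("2001:db8:6401::1", 6, 48000),
    ("2001:db8:6401::1", 6, 51000),
    ("2001:db8:6401::1", 17, 120),
    ("2001:db8:6401::2", 6, 300),
]


def attack_protocols(flows, target, min_share=0.05):
    """Return the sorted protocol numbers that carry at least min_share
    of the attack packets sent to target (hypothetical threshold)."""
    counts = Counter()
    for dst, proto, packets in flows:
        if dst != target:
            continue
        if not 0 <= proto <= 255:
            raise ValueError(f"not an IP protocol number: {proto}")
        counts[proto] += packets
    total = sum(counts.values())
    if total == 0:
        return []
    return sorted(p for p, n in counts.items() if n / total >= min_share)


def build_mitigation_request(target_prefix, protocols, lifetime=3600):
    """Build the request body as a dict. 'target-protocol' is left out
    when no protocol was identified, so the request covers any protocol.
    Attribute names besides 'target-protocol' are assumed here."""
    scope = {"target-prefix": [target_prefix], "lifetime": lifetime}
    if protocols:
        scope["target-protocol"] = list(protocols)
    return {"ietf-dots-signal-channel:mitigation-scope": {"scope": [scope]}}


if __name__ == "__main__":
    victim = "2001:db8:6401::1"
    protos = attack_protocols(SAMPLE_ATTACK_FLOWS, victim)
    print(build_mitigation_request(victim + "/128", protos))
```
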