IETF Logo Mail Archive

Re: [Dots] Questions about draft-doron-dots-telemetry-00

Ehud Doron <EhudD@Radware.com> Thu, 17 November 2016 15:04 UTC

Return-Path: <EhudD@Radware.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5642E12959A for <dots@ietfa.amsl.com>; Thu, 17 Nov 2016 07:04:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.398
X-Spam-Level:
X-Spam-Status: No, score=-3.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QJGWBG89kiC1 for <dots@ietfa.amsl.com>; Thu, 17 Nov 2016 07:04:30 -0800 (PST)
Received: from mailout1.radware.com (mailout1.radware.com [192.115.180.130]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FBCE12948E for <dots@ietf.org>; Thu, 17 Nov 2016 07:04:30 -0800 (PST)
Received: from ILMB1.corp.radware.com ([169.254.1.134]) by ILCAS1.corp.radware.com ([176.200.120.121]) with mapi id 14.03.0210.002; Thu, 17 Nov 2016 17:04:28 +0200
From: Ehud Doron <EhudD@Radware.com>
To: Roland Dobbins <rdobbins@arbor.net>, dots <dots@ietf.org>
Thread-Topic: [Dots] Questions about draft-doron-dots-telemetry-00
Thread-Index: AdI7wYm473OfPCFJSFe1ONIXj1qG/gCjJvCA///tvYD//O378IAHIgyA//7tM5A=
Date: Thu, 17 Nov 2016 15:04:28 +0000
Message-ID: <E58182C4A35A8E498E553AD3D33FA00101170E43F2@ILMB1.corp.radware.com>
References: <359EC4B99E040048A7131E0F4E113AFC0104EAE8B8@marathon> <E58182C4A35A8E498E553AD3D33FA00101170E0067@ILMB1.corp.radware.com> <14E9BCB6-D522-4877-84E5-4589472B3CEC@arbor.net> <E58182C4A35A8E498E553AD3D33FA00101170E325A@ILMB1.corp.radware.com> <27D8FF07-7140-478F-AD26-64B5A1B7102D@arbor.net>
In-Reply-To: <27D8FF07-7140-478F-AD26-64B5A1B7102D@arbor.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [176.200.121.200]
x-tm-as-product-ver: SMEX-11.0.0.4179-8.000.1202-22704.007
x-tm-as-result: No--48.517100-0.000000-31
x-tm-as-user-approved-sender: Yes
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/OeB4Gp95r8u-pBqkWYucbS51ikk>
Subject: Re: [Dots] Questions about draft-doron-dots-telemetry-00
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Nov 2016 15:04:32 -0000

Roland Hi

Let me please clarify, we are not trying to argue that DOTS Telemetry should be used to detect DDoS attacks, this is definitely not the case. 

We are talking about the overall needs to mutually signal telemetry about ongoing attacks that DOTS Client asks Server to mitigate upstream.  

As said, the ultimate objective is to optimize the anti-DoS service provisioned using DOTS signaling, and not to detect the attacks.

Thanks, 
Ehud Doron |  Senior Architect, Radware CTO office | M: +972-54-7575503 | T: +972-72-3917120




-----Original Message-----
From: Dots [mailto:dots-bounces@ietf.org] On Behalf Of Roland Dobbins
Sent: Thursday, November 17, 2016 1:05 AM
To: dots <dots@ietf.org>
Subject: Re: [Dots] Questions about draft-doron-dots-telemetry-00

On 16 Nov 2016, at 23:30, Ehud Doron wrote:

> Getting deeper, having comprehensive telemetry about the ongoing 
> attacks will improve the overall mitigation accomplished,

There's already lots of telemetry out there that's used every day to detect, classify, and traceback DDoS attacks.

It is orthogonal to signaling for DDoS mitigation assistance and providing status updates regarding same.

-----------------------------------
Roland Dobbins <rdobbins@arbor.net>

_______________________________________________
Dots mailing list
Dots@ietf.org
https://www.ietf.org/mailman/listinfo/dots

v2.23.0 | Report a Bug | By Email