Re: [Dots] DOTS Telemetry

Barry Raveendran Greene <bgreene@senki.org> Fri, 17 February 2017 13:57 UTC

To: kaname nishizuka <kaname@nttv6.jp>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/YuiMqk37qafKt_iXHBJpQRfO9vs>
Cc: Roland Dobbins <rdobbins@arbor.net>, dots <dots@ietf.org>

> On Feb 17, 2017, at 5:13 AM, kaname nishizuka <kaname@nttv6.jp> wrote:
> 
> I think DOTS is mainly about volumetric DDoS attacks because it is concerned with the hostile condition of the upper circuit.
> If the DOTS protocol can convey volumetric information in its spec, it is reasonable and can relieve operators who are interested in using it.

On the Telemetry side, this sort of information is NOT going to make a dent in the problem. We need information that would contribute to a trackback and backtrace to a DOS attack. 

For the people who really mitigate attacks, the most tedious part of the process is calling each of their peers from whom the attack is inbound, then working with them to trace back to that peer’s entry point. From there, the next upstream point of the attack. Then getting into the ASN to find the origin points. If the ASN has the tools turned on on the router to do traffic engineering and traffic analytics for business/planning, then they also have the tools to run the tracebacks. That would be an ideal tool for DOTS Telemetry to “ask for information.”

This was done in TIDP/TMS. So it can be done.