Re: [Dots] Attack-bandwidth expansion: more discussion

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Mon, 01 April 2019 13:37 UTC

Return-Path: <TirumaleswarReddy_Konda@mcafee.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E1EF12011D for <dots@ietfa.amsl.com>; Mon, 1 Apr 2019 06:37:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CYLf6T4YSGhP for <dots@ietfa.amsl.com>; Mon, 1 Apr 2019 06:37:22 -0700 (PDT)
Received: from DNVWSMAILOUT1.mcafee.com (dnvwsmailout1.mcafee.com [161.69.31.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64B58120110 for <dots@ietf.org>; Mon, 1 Apr 2019 06:37:22 -0700 (PDT)
X-NAI-Header: Modified by McAfee Email Gateway (5500)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=s_mcafee; t=1554125564; h=From: To:Subject:Thread-Topic:Thread-Index:Date: Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:X-MS-TNEF-Correlator: dlp-product:dlp-version:dlp-reaction:authentication-results: x-originating-ip:x-ms-publictraffictype:x-ms-office365-filtering-correlation-id: x-microsoft-antispam:x-ms-traffictypediagnostic: x-ms-exchange-purlcount:x-microsoft-antispam-prvs: x-forefront-prvs:x-forefront-antispam-report: received-spf:x-ms-exchange-senderadcheck:x-microsoft-antispam-message-info: Content-Type:MIME-Version:X-MS-Exchange-CrossTenant-Network-Message-Id: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-CrossTenant-mailboxtype: X-MS-Exchange-Transport-CrossTenantHeadersStamped: X-OriginatorOrg:X-NAI-Spam-Flag:X-NAI-Spam-Threshold: X-NAI-Spam-Score:X-NAI-Spam-Version; bh=3 gWlo1S/UAY9yEiJB+iwYXaD96Xmg8G7n6H9bRaJn6 Q=; b=HFG0HPsy/xW8MuIUTPZM+jWonPvt073CGdvZJVhmW0m4 TelC73lCuqlxHoZ7XT9yNMIo7NzpXzojr4Wc+RguJ3N1RwFSep O0eCgkeZ496V1FxAtX29RwvYDXDaQD8aKgUBwylC3i78p5dd0N 7Up0wHOk97lF6CL9mv99+zmO1Ig=
Received: from DNVEXAPP1N05.corpzone.internalzone.com (unknown [10.44.48.89]) by DNVWSMAILOUT1.mcafee.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 5ca0_f6b0_70ca96dc_0c13_490c_bd89_ccc9c6317534; Mon, 01 Apr 2019 07:32:44 -0600
Received: from DNVEXAPP1N04.corpzone.internalzone.com (10.44.48.88) by DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 1 Apr 2019 07:37:08 -0600
Received: from DNVO365EDGE1.corpzone.internalzone.com (10.44.176.66) by DNVEXAPP1N04.corpzone.internalzone.com (10.44.48.88) with Microsoft SMTP Server (TLS) id 15.0.1395.4 via Frontend Transport; Mon, 1 Apr 2019 07:37:08 -0600
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (10.44.176.242) by edge.mcafee.com (10.44.176.66) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 1 Apr 2019 07:37:05 -0600
Received: from BYAPR16MB2790.namprd16.prod.outlook.com (20.178.233.91) by BYAPR16MB2726.namprd16.prod.outlook.com (20.178.232.80) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1750.22; Mon, 1 Apr 2019 13:37:06 +0000
Received: from BYAPR16MB2790.namprd16.prod.outlook.com ([fe80::959f:8bd7:8c34:238d]) by BYAPR16MB2790.namprd16.prod.outlook.com ([fe80::959f:8bd7:8c34:238d%6]) with mapi id 15.20.1750.021; Mon, 1 Apr 2019 13:37:06 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: =?utf-8?B?6ZmI576O546y?= <chenmeiling@chinamobile.com>, dots <dots@ietf.org>
Thread-Topic: [Dots] Attack-bandwidth expansion: more discussion
Thread-Index: AQHU5h+xrX4SeVf6U0ySGUHQ6MNCN6YnUh3g
Date: Mon, 1 Apr 2019 13:37:06 +0000
Message-ID: <BYAPR16MB2790DB27C3CAF49D6B87955BEA550@BYAPR16MB2790.namprd16.prod.outlook.com>
References: <2afb5c9deef06d0-00008.Richmail.00007050166234752489@chinamobile.com>
In-Reply-To: <2afb5c9deef06d0-00008.Richmail.00007050166234752489@chinamobile.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.2.0.6
dlp-reaction: no-action
authentication-results: spf=none (sender IP is ) smtp.mailfrom=TirumaleswarReddy_Konda@McAfee.com;
x-originating-ip: [49.37.205.163]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 536cb635-f424-48fa-50ef-08d6b6a72216
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600139)(711020)(4605104)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7153060)(7193020); SRVR:BYAPR16MB2726;
x-ms-traffictypediagnostic: BYAPR16MB2726:
x-ms-exchange-purlcount: 3
x-microsoft-antispam-prvs: <BYAPR16MB27265F9ECDFD2429C374AB75EA550@BYAPR16MB2726.namprd16.prod.outlook.com>
x-forefront-prvs: 0994F5E0C5
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(376002)(346002)(396003)(39860400002)(366004)(32952001)(53754006)(189003)(199004)(86362001)(606006)(25786009)(7696005)(9686003)(236005)(53936002)(476003)(486006)(11346002)(74316002)(446003)(106356001)(105586002)(81156014)(7736002)(316002)(5660300002)(52536014)(55016002)(6306002)(99286004)(8936002)(81166006)(6246003)(110136005)(8676002)(26005)(186003)(76176011)(6506007)(53546011)(102836004)(14454004)(68736007)(80792005)(54896002)(2906002)(97736004)(966005)(256004)(66066001)(5024004)(72206003)(33656002)(71190400001)(478600001)(71200400001)(3846002)(6116002)(6436002)(229853002)(790700001)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:BYAPR16MB2726; H:BYAPR16MB2790.namprd16.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: McAfee.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: zR4tBTVUn0MdwvpiaOoOmElJ2/WkQL98YbAdApWDdU3ZcOYpuhA7uFaxbCPsh5c/auLjKZ2RQYlfh2BmfTJYogr8AusDhWCh98qEp7LPK+r0uO4suPsBtH9DuT7PnKS8kZq6YXpeXLJO+GY+l6udVCteXvXhwCqg/7PItUGBsL0la/zvzKKYglC62Kuk5IEV3BQfBMyAsD/GXqqSf7MtbN+TP04vNNbawhM/P3UnZOuqAbqPaPG1PAr1zHKLCtmwiZ0eIKrrLvBSOgN9t38rdX4/dsZGmfAetL1q3BRsbE1ric91kb9fd0xQpv6oX/MK5/haZNvPLQllxSsUUfPf6rElYNyB9hlKaVyn6RQhKAUPddrTAsnuTY90uvVuH9gwFoRUWXDGRL4sCKOtPEOPEOs2yuGN5JPJ7mbUpCa4oJ8=
Content-Type: multipart/alternative; boundary="_000_BYAPR16MB2790DB27C3CAF49D6B87955BEA550BYAPR16MB2790namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 536cb635-f424-48fa-50ef-08d6b6a72216
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Apr 2019 13:37:06.5784 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR16MB2726
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0
X-NAI-Spam-Version: 2.3.0.9418 : core <6515> : inlines <7045> : streams <1817400> : uri <2823815>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/_g_H7ViqqaRAIEAWKyHiV7C5XNs>
Subject: Re: [Dots] Attack-bandwidth expansion: more discussion
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Apr 2019 13:37:26 -0000

We published a draft https://tools.ietf.org/html/draft-doron-dots-telemetry-00 discussing various DOTS telemetry including total attack traffic, but at that the decision was to focus only on the mandatory attributes in the DOTS signal channel draft.  Now that the core protocols are almost ready, I think it’s right time to look into the telemetry attributes. We should probably discuss and consolidate the DOTS telemetry attributes in a single draft.

Cheers,
-Tiru

From: Dots <dots-bounces@ietf.org> On Behalf Of ???
Sent: Friday, March 29, 2019 4:37 PM
To: dots <dots@ietf.org>
Subject: [Dots] Attack-bandwidth expansion: more discussion


CAUTION: External email. Do not click links or open attachments unless you recognize the sender and know the content is safe.


________________________________

Hi everyone,

Due to time constraints during my presentation, we hadn't make much more discuss yesterday,

I'd like to continue discussion of these topics in the mail if you have any questions about this draft.



MeiLing Chen

--------------------------------------------------------------------------------------

Research institute of China mobile communications co. LTD

Institute of safety technology

Email address: chenmeiling@chinamobile.com<mailto:chenmeiling@chinamobile.com>

Phone: 13810149515

Address: no. 32, xuanwumen west street, xicheng district, Beijing (mobile innovation building)