Re: [Dots] New Version Notification for draft-chen-dots-attack-informations-03.txt

"Meiling Chen" <chenmeiling@chinamobile.com> Thu, 22 August 2019 11:11 UTC

Return-Path: <chenmeiling@chinamobile.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0F6D120832; Thu, 22 Aug 2019 04:11:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.587
X-Spam-Level:
X-Spam-Status: No, score=-2.587 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_FONT_FACE_BAD=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rDBjGa0Xz7Ac; Thu, 22 Aug 2019 04:11:51 -0700 (PDT)
Received: from cmccmta1.chinamobile.com (cmccmta1.chinamobile.com [221.176.66.79]) by ietfa.amsl.com (Postfix) with ESMTP id 5E69A120026; Thu, 22 Aug 2019 04:11:50 -0700 (PDT)
Received: from spf.mail.chinamobile.com (unknown[172.16.121.1]) by rmmx-syy-dmz-app02-12002 (RichMail) with SMTP id 2ee25d5e7866d84-60150; Thu, 22 Aug 2019 19:11:38 +0800 (CST)
X-RM-TRANSID: 2ee25d5e7866d84-60150
X-RM-TagInfo: emlType=0
X-RM-SPAM-FLAG: 00000000
Received: from cmcc-PC (unknown[10.2.51.54]) by rmsmtp-syy-appsvr01-12001 (RichMail) with SMTP id 2ee15d5e7866bce-81a52; Thu, 22 Aug 2019 19:11:38 +0800 (CST)
X-RM-TRANSID: 2ee15d5e7866bce-81a52
Date: Thu, 22 Aug 2019 19:11:38 +0800
From: "Meiling Chen" <chenmeiling@chinamobile.com>
To: internet-drafts <internet-drafts@ietf.org>
Cc: dots <dots@ietf.org>
References: <156647101470.14906.11032347476240749997.idtracker@ietfa.amsl.com>
X-Priority: 3
X-Has-Attach: no
X-Mailer: Foxmail 7.2.9.115[cn]
Mime-Version: 1.0
Message-ID: <2019082219113715699120@chinamobile.com>
Content-Type: multipart/alternative; boundary="----=_001_NextPart333573256040_=----"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/dmt1P0NhGa_jp8aM42CryfxJRrQ>
Subject: Re: [Dots] New Version Notification for draft-chen-dots-attack-informations-03.txt
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Aug 2019 11:11:54 -0000

Hi all,

This version has made big changes, mainly:
(1) DDoS attacks are classified by Bandwidth consuming attack and Host resource consuming attack;
(2) Add parameters to mitigation request and response for Bandwidth consuming attack and Host resource consuming attack;
(3) Mitigation request parameters for Bandwidth consuming attack include 8: 
Attack_Target_IP,
Alarm_Begin_time,
Direction, 
Target_Attack_Type,
Target_Attack_Type_Threshold,
Attack_Target_IP_Peak,
Attack_Source_IP_Num, 
Attack_Bandwidth; 
Mitigation response parameters include 8 :  
Attack_Target_IP,
Alarm_End_time,
Target_Attack_Type,
Total_Traffic,
Residual_Traffic,
Attack_Traffic, 
Attack_Target_IP_Peak,
Attack_Source_IP_Num
(4) Mitigation request parameters for Host resource consuming attack include 5:
Attack_Target_IP,
Attack_Target_Packet_Rate,
Alarm_Begin_Time,
Direction,
Target_Attack_Type;
 Mitigation Response parameters 5:
Attack_Target_IP,
Alarm_End_time,
Target_Attack_Type,  
Attack_Source_IP,
Attack_Target_Packet_Rate
(5)When Host Resource consuming DDoS attack occurs we recommend using Attack_Target_Packet_Rate to detect attack.

Comments and questions are more than welcome.

Best Regards,
Meiling Chen 
From: internet-drafts
Date: 2019-08-22 18:50
To: Li Su; chenmeiling; Jin Peng; Meiling Chen
Subject: New Version Notification for draft-chen-dots-attack-informations-03.txt
 
A new version of I-D, draft-chen-dots-attack-informations-03.txt
has been successfully submitted by Meiling Chen and posted to the
IETF repository.
 
Name: draft-chen-dots-attack-informations
Revision: 03
Title: DOTS client carry ddos attack informations in signal channel
Document date: 2019-08-22
Group: Individual Submission
Pages: 20
URL:            https://www.ietf.org/internet-drafts/draft-chen-dots-attack-informations-03.txt
Status:         https://datatracker.ietf.org/doc/draft-chen-dots-attack-informations/
Htmlized:       https://tools.ietf.org/html/draft-chen-dots-attack-informations-03
Htmlized:       https://datatracker.ietf.org/doc/html/draft-chen-dots-attack-informations
Diff:           https://www.ietf.org/rfcdiff?url2=draft-chen-dots-attack-informations-03
 
Abstract:
   This document describes DDoS attack information which can be obtained
   by DOTS client when the enterprise suspects it is under DDoS attack,
   these informations will be send from DOTS client to DOTS server in
   mitigation request using Signal channel or Data channel.
 
                                                                                  
 
 
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
 
The IETF Secretariat