IETF Logo Mail Archive

Re: [Dots] WGLC for draft-dots-use-cases-19

Töma Gavrichenkov <ximaera@gmail.com> Tue, 06 August 2019 13:05 UTC

Return-Path: <ximaera@gmail.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7320D120183 for <dots@ietfa.amsl.com>; Tue, 6 Aug 2019 06:05:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U1Uq_tSi2sa4 for <dots@ietfa.amsl.com>; Tue, 6 Aug 2019 06:05:50 -0700 (PDT)
Received: from mail-yw1-xc34.google.com (mail-yw1-xc34.google.com [IPv6:2607:f8b0:4864:20::c34]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EB586120170 for <dots@ietf.org>; Tue, 6 Aug 2019 06:05:49 -0700 (PDT)
Received: by mail-yw1-xc34.google.com with SMTP id q128so30795262ywc.1 for <dots@ietf.org>; Tue, 06 Aug 2019 06:05:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=AeDvMPSYSjepFhJYOJ54/0oBZuO4LdqXVRdGVwqE7kY=; b=qioMHTlaKNYGMPFUBoWEMnQx6KSMv4Gj9rMzoPYtOC4zAwMB50HHJheq5jOa7tDz0m FI6y9ThpyiZvIpUgmrEiNxYwP2VMNl9kz5+2DuzpQfTZnwqiRu8OHRWV4pdRoabUxZaf 8+yFN1edsTGW0QMdXIYXdcJRmr006cYwwy5NQaoq4e0jluynAJeaBMhHnlajAvKLp6jU dz9IKEO+dMdMl/2CfphUxPEuCLYPT8VObmH6CtgtBZl8YT4xZlbFdoZiAcz2JdiOqW5k iH+iXiDD3QTvO632tDnbhjGkLzEXGVeNzykSL3sz1jrw+sFgfqlS8NMl9L3/fNw8GTbt YgCQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=AeDvMPSYSjepFhJYOJ54/0oBZuO4LdqXVRdGVwqE7kY=; b=ZvL0VDUW0YctkbkpuPS1E1hUN9G+t1R+1qvFTGeHFfTvBzjRImKnj7dkhQFmSjKVJN B8chqS0uAmmN+sbYmaAneQzMKgun1kBtt6yMEUicdtVIxHOZu1q0Rc0lrBmNSWVAKNV4 LTI8kI+j5ewYiVwcfnms7qMz6SK9MEKPx4Wgrqvybc/1ZHqDqVS0mVmObkYxaNIiQ8V5 IkMj2YFU1VqKWS4vNKfGyBpo6g0cN8FiaevRbpsn0J0V/fBfZ9teXQxoFFjjSH0B9+rE 0mmYOVZy6EVAnyMo4hLvsWqyQf4fe6Jhn0+rEzDv9i0ZJ3A8yZTczyBU7csjoDDfPqFL iBKQ==
X-Gm-Message-State: APjAAAX5rb0aWCXkKmM+IRsU/toPybaMGs3/dJvgSDh3MtFH2MZ19i5S vG6zzEKnRED3R5XkziWOgz2jx+PQ2wLl2mLn3B0=
X-Google-Smtp-Source: APXvYqzPuXG3zusZf2UdQQ3tawPOhaMzO+CtBnMGUkg8DP5gDG67Un/E41qr1it/B+OhYkiShIT+PYjpjYJ9sFBQ76c=
X-Received: by 2002:a81:301:: with SMTP id 1mr2236606ywd.102.1565096748859; Tue, 06 Aug 2019 06:05:48 -0700 (PDT)
MIME-Version: 1.0
References: <00b001d54c1f$d57799e0$8066cda0$@smyslov.net> <DM5PR16MB17050571BAD70FACA597FA6CEAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDB17@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB170555606E26709FC5C54AA4EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDBC8@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB17050DF869BABA8B3670DC85EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDC3B@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB1705E573DE3E7482115B9FE0EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312FDC6C@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB170551C20908654A0F6428D7EAD50@DM5PR16MB1705.namprd16.prod.outlook.com> <CALZ3u+apnoCr9d0p_8ONCidyweMFRrdZO3tD-SdE=+-KeHV9QQ@mail.gmail.com> <DM5PR16MB1705E536C86621FAFB2DDC71EAD50@DM5PR16MB1705.namprd16.prod.outlook.com>
In-Reply-To: <DM5PR16MB1705E536C86621FAFB2DDC71EAD50@DM5PR16MB1705.namprd16.prod.outlook.com>
From: Töma Gavrichenkov <ximaera@gmail.com>
Date: Tue, 06 Aug 2019 16:05:24 +0300
Message-ID: <CALZ3u+b_W65eWnFh_22XbCNUAiDcUHJFMaoXwhAeq3HTAd=SCA@mail.gmail.com>
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@mcafee.com>
Cc: "mohamed.boucadair@orange.com" <mohamed.boucadair@orange.com>, Valery Smyslov <valery@smyslov.net>, "dots@ietf.org" <dots@ietf.org>, "Xialiang (Frank, Network Standard & Patent Dept)" <frank.xialiang@huawei.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/fAR0Rtz0HOeVvmVPA94QyGZ96JQ>
Subject: Re: [Dots] WGLC for draft-dots-use-cases-19
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Aug 2019 13:05:52 -0000

On Tue, Aug 6, 2019 at 3:52 PM Konda, Tirumaleswar Reddy
<TirumaleswarReddy_Konda@mcafee.com> wrote:
>> I must say I don't understand what is the reason
>> behind collecting spoofed IP addresses.
>
> I am referring to reflection attacks
> (e.g. DNS amplification attack).

Especially under those attacks you must not drop traffic based on
source IP addresses in it.  Otherwise you will fall directly into a
lovely crafted trap when the attacker starts to generate traffic with
source IP addresses of your potential users.

But anyway, DOTS is not about attack mitigation techniques, it's just
a signalling channel.  How exactly the mitigation is being carried out
by either side of the channel is out of scope of the WG.

> The other attack could be where the surveillance
> IP camera's IP address is spoofed, traffic from this
> IP address is black-listed and it no longer can send
> feeds to its server

Yes, this is in particular why you must not take into account any data
you haven't verified, including (but not limited to) a source IP
address before a handshake is completed successfully.

--
Töma

v2.23.0 | Report a Bug | By Email