IETF Logo Mail Archive

Re: [Dots] Fwd: New Version Notification for draft-reddy-dots-telemetry-00.txt

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Fri, 26 July 2019 08:53 UTC

Return-Path: <tirumaleswarreddy_konda@mcafee.com>
X-Original-To: dots@ietfa.amsl.com
Delivered-To: dots@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91D191202E5 for <dots@ietfa.amsl.com>; Fri, 26 Jul 2019 01:53:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.999
X-Spam-Level:
X-Spam-Status: No, score=-3.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8-nvLfBc5Bve for <dots@ietfa.amsl.com>; Fri, 26 Jul 2019 01:53:39 -0700 (PDT)
Received: from us-smtp-delivery-210.mimecast.com (us-smtp-delivery-210.mimecast.com [63.128.21.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0DEE1202C5 for <dots@ietf.org>; Fri, 26 Jul 2019 01:53:39 -0700 (PDT)
X-NAI-Header: Modified by McAfee Email Gateway (5500)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=s_mcafee; t=1564131256; h=ARC-Seal: ARC-Message-Signature:ARC-Authentication-Results: From:To:CC:Subject:Thread-Topic:Thread-Index: Date:Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:X-MS-TNEF-Correlator: dlp-product:dlp-version:dlp-reaction:authentication-results: x-originating-ip:x-ms-publictraffictype:x-ms-office365-filtering-correlation-id: x-microsoft-antispam:x-ms-traffictypediagnostic: x-ms-exchange-purlcount:x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers:x-forefront-prvs: x-forefront-antispam-report:received-spf:x-ms-exchange-senderadcheck: x-microsoft-antispam-message-info:Content-Type: Content-Transfer-Encoding:MIME-Version:X-MS-Exchange-CrossTenant-Network-Message-Id: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-CrossTenant-mailboxtype: X-MS-Exchange-CrossTenant-userprincipalname: X-MS-Exchange-Transport-CrossTenantHeadersStamped: X-OriginatorOrg:X-NAI-Spam-Flag:X-NAI-Spam-Level: X-NAI-Spam-Threshold:X-NAI-Spam-Score:X-NAI-Spam-Version; bh=chrMnGn+7Ksb9TEfdj3XqYnnISJbsL2QO6aM0p l+gTQ=; b=cB7vxR+NGeHkU0zI2L4cTR1bxj9SRiujHylLlcBq EFdkOl2zPWvQkuYi6PS4dIQv7+NEpKVVyc3g3W6J/BCVRAF/Y3 yG/MdrgpAoeZt3ud5WsXfyvSlk9Wq0kppNjb27FlxradJRiw8u KtQJeiq+lg3oM6jLevbxrs9kQFpEuWk=
Received: from MIVWSMAILOUT1.mcafee.com (mivwsmailout1.mcafee.com [161.69.47.167]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-314-7JqCt2iMPsOB7-sROHZVqA-1; Fri, 26 Jul 2019 04:53:37 -0400
Received: from DNVEXAPP1N06.corpzone.internalzone.com (DNVEXAPP1N06.corpzone.internalzone.com [10.44.48.90]) by MIVWSMAILOUT1.mcafee.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 2184_a1b1_31e9ae75_c41b_4134_93f1_0bf3e6f72331; Fri, 26 Jul 2019 04:54:15 -0400
Received: from DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) by DNVEXAPP1N06.corpzone.internalzone.com (10.44.48.90) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Fri, 26 Jul 2019 02:53:25 -0600
Received: from DNVO365EDGE1.corpzone.internalzone.com (10.44.176.66) by DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) with Microsoft SMTP Server (TLS) id 15.0.1395.4 via Frontend Transport; Fri, 26 Jul 2019 02:53:25 -0600
Received: from NAM02-CY1-obe.outbound.protection.outlook.com (10.44.176.242) by edge.mcafee.com (10.44.176.66) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Fri, 26 Jul 2019 02:53:24 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OfTdi8IYNz9gSwbGUBMB7hPZR6zSfoRATKauCu3eUw+9RMq3WhHT6jyK7sFEaGBtosxVpNZzBU2reN37ePqrT1iRDNcmA72KghCs5ggBNMhrUspFrgAI18vX5hpvkSQIhsW4RjnNRdl8PR0PXMisoRdDxGjOmgHUKh4hVFlya+Fr/T4QMr3ZGsDaJ2H5lLhg6fRPgLb4FRqnhCv5E7RTLnflA6+Uzf3rdkJbNKh6HsznYdzc2UHQ5Iw2nIM2/DKeLJHR+icsdacaNXUcXTkKrEICAQA1AV3lbOTsh7ezy+Eh5IUXvCiVZRNi1uKY/qfRhhj6kTU3dV3oN2Dv4yfmOw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=chrMnGn+7Ksb9TEfdj3XqYnnISJbsL2QO6aM0pl+gTQ=; b=TfVkWe7APnmLXVvFbBF4JzeM/8d3SROtk1j0POgojQfOqJtNxMMwx2uYahnUwHV4IVp6fBXHVKrgZrRy5ffkOP7vfCuUkexyrbtTd3F5XG90dn5oa0tKrqGWdL5hWBx+IQ4OTLoMYnCDiHc91GUCiBu6eIsJNJeAx0myJHGNWwR1WMB2rk0uzxzFh+UjifrsB9DR25jvD1pfKPBiNg0RypjjvZI6vMfaIkgkqTrzuGY3nUdVIgMcYy9DZGnZjbTWybziYs21aCTZP3C/ck2vwCby1ZwPB0leH+5Ul/4Yp43C7rP/YN6y1sRb5ODef3GX1tTw5DfDaGU3EN8CsBGZsA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1;spf=pass smtp.mailfrom=mcafee.com;dmarc=pass action=none header.from=mcafee.com;dkim=pass header.d=mcafee.com;arc=none
Received: from DM5PR16MB1705.namprd16.prod.outlook.com (10.172.44.147) by DM5PR16MB2181.namprd16.prod.outlook.com (52.132.142.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2115.13; Fri, 26 Jul 2019 08:53:23 +0000
Received: from DM5PR16MB1705.namprd16.prod.outlook.com ([fe80::6c22:21e:7528:3dc5]) by DM5PR16MB1705.namprd16.prod.outlook.com ([fe80::6c22:21e:7528:3dc5%6]) with mapi id 15.20.2115.005; Fri, 26 Jul 2019 08:53:23 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: H Y <yuuhei.hayashi@gmail.com>
CC: Mohamed Boucadair <mohamed.boucadair@orange.com>, tirumal reddy <kondtir@gmail.com>, "dots@ietf.org" <dots@ietf.org>
Thread-Topic: [Dots] Fwd: New Version Notification for draft-reddy-dots-telemetry-00.txt
Thread-Index: AQHVMzSMCPbrTboVdUKfxcuyXDvZxqbYNT+AgAGVHKCAAAbagIAAAf6QgAAE3gCAAAhfgP///5jQgAAIfgCAAs8xgA==
Date: Fri, 26 Jul 2019 08:53:23 +0000
Message-ID: <DM5PR16MB1705A062497E9A8EB7590F94EAC00@DM5PR16MB1705.namprd16.prod.outlook.com>
References: <156233245922.21720.2303446065970922340.idtracker@ietfa.amsl.com> <CAFpG3gcgpJRyLSoLkOMuUWY8pZrBPDCCz6-sc8A=1KW3GMpm+g@mail.gmail.com> <CAA8pjUPY+GDGxNhqDCWsh-6aGnYoOL+A5pGaE=2BaE5j8rY41g@mail.gmail.com> <DM5PR16MB17051F8C7697FE7DAF88AEC4EAC60@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312E739F@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <DM5PR16MB17050D182A4BE8C3B7EFDC3EEAC60@DM5PR16MB1705.namprd16.prod.outlook.com> <787AE7BB302AE849A7480A190F8B9330312E73FA@OPEXCAUBMA2.corporate.adroot.infra.ftgroup> <CAA8pjUPe8rf6m2xy2S+JzhTN+xMm_9f3+OaBAsAnY7aV43g11A@mail.gmail.com> <DM5PR16MB17055E4630A2413CB7D212DBEAC60@DM5PR16MB1705.namprd16.prod.outlook.com> <CAA8pjUMngVnRAbMtLWYSb+0UCfO4ZEBtqk04gYNgsFHvGDU3fg@mail.gmail.com>
In-Reply-To: <CAA8pjUMngVnRAbMtLWYSb+0UCfO4ZEBtqk04gYNgsFHvGDU3fg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.3.0.17
dlp-reaction: no-action
x-originating-ip: [103.245.47.20]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f2c25d50-20a4-48fa-0338-08d711a6b771
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020); SRVR:DM5PR16MB2181;
x-ms-traffictypediagnostic: DM5PR16MB2181:
x-ms-exchange-purlcount: 7
x-microsoft-antispam-prvs: <DM5PR16MB2181CB75186D00B96C6E3FC8EAC00@DM5PR16MB2181.namprd16.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 01106E96F6
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(39860400002)(346002)(396003)(376002)(366004)(13464003)(51914003)(32952001)(53754006)(52314003)(189003)(199004)(4326008)(6916009)(30864003)(229853002)(66574012)(66066001)(26005)(7696005)(102836004)(53936002)(99286004)(2906002)(476003)(33656002)(5660300002)(9686003)(6306002)(5024004)(14444005)(76176011)(86362001)(256004)(14454004)(54906003)(478600001)(15650500001)(80792005)(6506007)(11346002)(25786009)(53546011)(6116002)(446003)(8936002)(8676002)(966005)(186003)(71200400001)(74316002)(7736002)(66476007)(81156014)(81166006)(66446008)(66946007)(71190400001)(486006)(66556008)(64756008)(6436002)(316002)(6246003)(52536014)(76116006)(305945005)(68736007)(3846002)(55016002)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR16MB2181; H:DM5PR16MB1705.namprd16.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: Wv+K2lGlw0MmYZtCi8RQpvV3lMPEqteRZlGOqTJnnvGl3+8BL4RXWWd733VPnhPADAXKuQDsxCuXFoETgWaUXr9XlFmhnv6Eb8C5/zuqfPV+3oRCH4zbfXJ3UNIfFBOSMUWJD2eGJtQ20FQ49j6AJsgXalykFZLbkfkpW7PuOrNwrqqP2U1EN/oVkUukcZvx4gyfNAjW/pDgJ6RdDvWNpEudS3aEIr6Lqr4Uut9JFU2y1mygRQK0bPgeFYOoIBDdRLVVb9Fe62Jh1rqe8SdPZVm2YlMT11sMvegCsbJktQS9Ka6eHdw6UNiHq4G/K+dQ7xI4Z2LiR2YakC1o1d2h2ZswqtrH78COvb4E1sr1hJZMJn5I/g1x6LunVOwg9ePYtr/18PZhpA7+s0KMUNUnJpxm9u39dUZPQ2V8ZIDQwsY=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: f2c25d50-20a4-48fa-0338-08d711a6b771
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Jul 2019 08:53:23.4002 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: TirumaleswarReddy_Konda@McAfee.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR16MB2181
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Level:
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0.2
X-NAI-Spam-Version: 2.3.0.9418 : core <6598> : inlines <7127> : streams <1828460> : uri <2872928>
X-MC-Unique: 7JqCt2iMPsOB7-sROHZVqA-1
X-Mimecast-Spam-Score: 0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/dots/tb-1ojJ6TmSmRUci6JoUeD-gB1Y>
Subject: Re: [Dots] Fwd: New Version Notification for draft-reddy-dots-telemetry-00.txt
X-BeenThere: dots@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "List for discussion of DDoS Open Threat Signaling \(DOTS\) technology and directions." <dots.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dots>, <mailto:dots-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dots/>
List-Post: <mailto:dots@ietf.org>
List-Help: <mailto:dots-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dots>, <mailto:dots-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Jul 2019 08:53:43 -0000

> -----Original Message-----
> From: H Y <yuuhei.hayashi@gmail.com>
> Sent: Wednesday, July 24, 2019 7:26 PM
> To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>
> Cc: Mohamed Boucadair <mohamed.boucadair@orange.com>; tirumal reddy
> <kondtir@gmail.com>; dots@ietf.org
> Subject: Re: [Dots] Fwd: New Version Notification for draft-reddy-dots-
> telemetry-00.txt
> 
> This email originated from outside of the organization. Do not click links or
> open attachments unless you recognize the sender and know the content is
> safe.
> 
> Hi Tiru
> 
> > What is stopping the attacker to frequently change the IP address
> (especially with IPv6) ?
> > What kind of attack traffic is generated by the top talkers and what
> happens if the top talkers are spoofed IP addresses (e.g. amplification
> attack) ?
> IMO, when a reflection attack hits a target, src_ip address detected at the
> target are reflectors ip address.
> If the reflector's ip does not change frequently, the top talker information
> can be used.
> Is it wrong?

Yes, the reflector becomes the victim in this attack and cannot access the services of the target server. For example, consider an attack scenario where the surveillance IP camera's IP address is spoofed and it no longer can send feeds to its server (and the attacker can successfully launch a physical attack (e.g. home burglary)).

Cheers,
-Tiru

> 
> Thanks,
> Yuhei
> 
> 2019年7月24日(水) 9:37 Konda, Tirumaleswar Reddy
> <TirumaleswarReddy_Konda@mcafee.com>:
> >
> > Hi Yuhei,
> >
> > What is stopping the attacker to frequently change the IP address
> (especially with IPv6) ?
> > What kind of attack traffic is generated by the top talkers and what
> happens if the top talkers are spoofed IP addresses (e.g. amplification
> attack) ?
> >
> > Cheers,
> > -Tiru
> >
> > > -----Original Message-----
> > > From: H Y <yuuhei.hayashi@gmail.com>
> > > Sent: Wednesday, July 24, 2019 6:57 PM
> > > To: Mohamed Boucadair <mohamed.boucadair@orange.com>
> > > Cc: Konda, Tirumaleswar Reddy
> <TirumaleswarReddy_Konda@McAfee.com>;
> > > tirumal reddy <kondtir@gmail.com>; dots@ietf.org
> > > Subject: Re: [Dots] Fwd: New Version Notification for
> > > draft-reddy-dots- telemetry-00.txt
> > >
> > >
> > >
> > > Hi Med,
> > >
> > > > [Med] Yes. My point is if one has to return a list of top-talkers
> > > > in terms of
> > > pps, another list of top-talkers in terms of second_criteria, or
> > > other information relying on source-prefix dedicated attributes will
> > > be needed because this cannot be inferred from the current source-
> prefix attribute.
> > > [hayashi] +1. This top-talker information is helpful for the
> > > orchestrator to decide which attack traffic should be blocked
> > > preferentially in network. The criteria information is also needed.
> > >
> > > Thanks,
> > > Yuhei
> > >
> > > 2019年7月24日(水) 8:56 <mohamed.boucadair@orange.com>:
> > > >
> > > > Re-,
> > > >
> > > > Please see inline.
> > > >
> > > > Cheers,
> > > > Med
> > > >
> > > > > -----Message d'origine-----
> > > > > De : Konda, Tirumaleswar Reddy
> > > > > [mailto:TirumaleswarReddy_Konda@McAfee.com]
> > > > > Envoyé : mercredi 24 juillet 2019 14:45 À : BOUCADAIR Mohamed
> > > > > TGI/OLN; H Y; tirumal reddy Cc : dots@ietf.org Objet : RE:
> > > > > [Dots]
> > > > > Fwd: New Version Notification for draft-reddy-dots-
> > > > > telemetry-00.txt
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: mohamed.boucadair@orange.com
> > > <mohamed.boucadair@orange.com>
> > > > > > Sent: Wednesday, July 24, 2019 6:02 PM
> > > > > > To: Konda, Tirumaleswar Reddy
> > > > > > <TirumaleswarReddy_Konda@McAfee.com>; H Y
> > > > > > <yuuhei.hayashi@gmail.com>; tirumal reddy <kondtir@gmail.com>
> > > > > > Cc: dots@ietf.org
> > > > > > Subject: RE: [Dots] Fwd: New Version Notification for
> > > > > > draft-reddy-dots- telemetry-00.txt
> > > > > >
> > > > > > This email originated from outside of the organization. Do not
> > > > > > click
> > > > > links or
> > > > > > open attachments unless you recognize the sender and know the
> > > > > > content is safe.
> > > > > >
> > > > > > Hi Tiru,
> > > > > >
> > > > > > That’s true...but fragmentation is a general issue each time
> > > > > > we need to supply more telemetry information in the signal channel.
> > > > > > As already
> > > > > noted in
> > > > > > the draft, we will need to figure out when it is better to
> > > > > > provide some telemetry information using data channel.
> > > > >
> > > > > Yes, normal traffic baseline attributes can be conveyed in the
> > > > > DOTS data channel and traffic from top talkers can also be
> > > > > blocked/rate-limited using the DOTS data channel during peace time.
> > > > >
> > > > > >
> > > > > > BTW, "top talker" can already be supplied using source-prefix
> attribute.
> > > > > > Whether top-talker needs to be defined as a separated
> > > > > > attribute, but structured as a list of source-prefixes is a
> > > > > > design details (if the WG
> > > > > agrees to
> > > > > > include it in the telemetry information).
> > > > >
> > > > > Source-prefix is already a list/array.
> > > >
> > > > [Med] Yes. My point is if one has to return a list of top-talkers
> > > > in terms of
> > > pps, another list of top-talkers in terms of second_criteria, or
> > > other information relying on source-prefix dedicated attributes will
> > > be needed because this cannot be inferred from the current source-
> prefix attribute.
> > > >
> > > > >
> > > > > >
> > > > > > Anyway, let's continue collecting candidate telemetry
> > > > > > information and
> > > > > then
> > > > > > make a selection in a second phase.
> > > > >
> > > > > Sure.
> > > > >
> > > > > Cheers,
> > > > > -Tiru
> > > > >
> > > > > >
> > > > > > Cheers,
> > > > > > Med
> > > > > >
> > > > > > > -----Message d'origine-----
> > > > > > > De : Dots [mailto:dots-bounces@ietf.org] De la part de
> > > > > > > Konda, Tirumaleswar Reddy Envoyé : mercredi 24 juillet 2019
> > > > > > > 14:18 À : H Y; tirumal reddy Cc : dots@ietf.org Objet : Re:
> > > > > > > [Dots] Fwd: New Version Notification for draft-reddy-dots-
> > > > > > > telemetry-00.txt
> > > > > > >
> > > > > > > Hi Yuhei,
> > > > > > >
> > > > > > > Thanks for the support. The problem is fragmentation of the
> > > > > > > DOTS telemetry message, DOTS Telemetry is sent over the DOTS
> > > > > > > signal channel using UDP and the message size cannot exceed
> PMTU.
> > > > > > >
> > > > > > > Cheers,
> > > > > > > -Tiru
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Dots <dots-bounces@ietf.org> On Behalf Of H Y
> > > > > > > > Sent: Tuesday, July 23, 2019 5:28 PM
> > > > > > > > To: tirumal reddy <kondtir@gmail.com>
> > > > > > > > Cc: dots@ietf.org
> > > > > > > > Subject: Re: [Dots] Fwd: New Version Notification for
> > > > > > > > draft-reddy-dots- telemetry-00.txt
> > > > > > > >
> > > > > > > > This email originated from outside of the organization. Do
> > > > > > > > not click
> > > > > > > links or
> > > > > > > > open attachments unless you recognize the sender and know
> > > > > > > > the content is safe.
> > > > > > > >
> > > > > > > > Hi Tiru,
> > > > > > > >
> > > > > > > > I read the draft and I also support this draft.
> > > > > > > > Sending detail information about attack traffic helps my
> > > > > > > > dms offload
> > > > > > > scenario
> > > > > > > > because the orchestrator can decide what to do based on
> > > > > > > > the detail information.
> > > > > > > >
> > > > > > > > IMO, "top talker" attribute defined in my previous draft
> > > > > > > > is also
> > > > > > > feasible to
> > > > > > > > send and effective to mitigate attack correctly.
> > > > > > > > https://datatracker.ietf.org/doc/draft-h-dots-mitigation-o
> > > > > > > > fflo
> > > > > > > > ad-
> > > > > > > expansion/
> > > > > > > > What do you think about including the top talker attribute
> > > > > > > > to the
> > > > > > > telemetry?
> > > > > > > >
> > > > > > > > Thanks,
> > > > > > > > Yuhei
> > > > > > > >
> > > > > > > > 2019年7月5日(金) 9:21 tirumal reddy <kondtir@gmail.com>:
> > > > > > > > >
> > > > > > > > > Hi all,
> > > > > > > > >
> > > > > > > > > https://tools.ietf.org/html/draft-reddy-dots-telemetry-0
> > > > > > > > > 0
> > > > > > > > > aims to
> > > > > > > enrich
> > > > > > > > DOTS protocols with various telemetry attributes allowing
> > > > > > > > optimal DDoS attack mitigation. This document specifies
> > > > > > > > the normal traffic baseline
> > > > > > > and
> > > > > > > > attack traffic telemetry attributes a DOTS client can
> > > > > > > > convey to its DOTS
> > > > > > > server
> > > > > > > > in the mitigation request, the mitigation status telemetry
> > > > > > > > attributes a
> > > > > > > DOTS
> > > > > > > > server can communicate to a DOTS client, and the
> > > > > > > > mitigation efficacy telemetry attributes a DOTS client can
> > > > > > > > communicate to a
> > > DOTS server.
> > > > > > > The
> > > > > > > > telemetry attributes can assist the mitigator to choose
> > > > > > > > the DDoS
> > > > > > > mitigation
> > > > > > > > techniques and perform optimal DDoS attack mitigation.
> > > > > > > > >
> > > > > > > > > Comments, suggestions, and questions are more than
> welcome.
> > > > > > > > >
> > > > > > > > > Cheers,
> > > > > > > > > -Tiru
> > > > > > > > >
> > > > > > > > > ---------- Forwarded message ---------
> > > > > > > > > From: <internet-drafts@ietf.org>
> > > > > > > > > Date: Fri, 5 Jul 2019 at 18:44
> > > > > > > > > Subject: New Version Notification for
> > > > > > > > > draft-reddy-dots-telemetry-00.txt
> > > > > > > > > To: Tirumaleswar Reddy <kondtir@gmail.com>, Ehud Doron
> > > > > > > > > <ehudd@radware.com>, Mohamed Boucadair
> > > > > > > > <mohamed.boucadair@orange.com>
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > A new version of I-D, draft-reddy-dots-telemetry-00.txt
> > > > > > > > > has been successfully submitted by Tirumaleswar Reddy
> > > > > > > > > and posted to the IETF repository.
> > > > > > > > >
> > > > > > > > > Name:           draft-reddy-dots-telemetry
> > > > > > > > > Revision:       00
> > > > > > > > > Title:          Distributed Denial-of-Service Open Threat
> > > > > Signaling
> > > > > > > (DOTS)
> > > > > > > > Telemetry
> > > > > > > > > Document date:  2019-07-05
> > > > > > > > > Group:          Individual Submission
> > > > > > > > > Pages:          13
> > > > > > > > > URL:            https://www.ietf.org/internet-drafts/draft-reddy-
> > > > > dots-
> > > > > > > > telemetry-00.txt
> > > > > > > > > Status:         https://datatracker.ietf.org/doc/draft-reddy-dots-
> > > > > > > telemetry/
> > > > > > > > > Htmlized:       https://tools.ietf.org/html/draft-reddy-dots-
> > > > > > > telemetry-00
> > > > > > > > > Htmlized:       https://datatracker.ietf.org/doc/html/draft-
> reddy-
> > > > > > > dots-
> > > > > > > > telemetry
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Abstract:
> > > > > > > > >    This document aims to enrich DOTS signal channel protocol
> with
> > > > > > > > >    various telemetry attributes allowing optimal DDoS
> > > > > > > > > attack
> > > > > > > mitigation.
> > > > > > > > >    This document specifies the normal traffic baseline and
> attack
> > > > > > > > >    traffic telemetry attributes a DOTS client can convey
> > > > > > > > > to its
> > > > > DOTS
> > > > > > > > >    server in the mitigation request, the mitigation
> > > > > > > > > status
> > > > > telemetry
> > > > > > > > >    attributes a DOTS server can communicate to a DOTS
> > > > > > > > > client, and
> > > > > the
> > > > > > > > >    mitigation efficacy telemetry attributes a DOTS client can
> > > > > > > > >    communicate to a DOTS server.  The telemetry
> > > > > > > > > attributes can
> > > > > assist
> > > > > > > > >    the mitigator to choose the DDoS mitigation
> > > > > > > > > techniques and
> > > > > perform
> > > > > > > > >    optimal DDoS attack mitigation.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > Please note that it may take a couple of minutes from
> > > > > > > > > the time of submission until the htmlized version and
> > > > > > > > > diff are available at
> > > > > > > tools.ietf.org.
> > > > > > > > >
> > > > > > > > > The IETF Secretariat
> > > > > > > > >
> > > > > > > > > _______________________________________________
> > > > > > > > > Dots mailing list
> > > > > > > > > Dots@ietf.org
> > > > > > > > > https://www.ietf.org/mailman/listinfo/dots
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > > ----------------------------------
> > > > > > > > Yuuhei HAYASHI
> > > > > > > > 08065300884
> > > > > > > > yuuhei.hayashi@gmail.com
> > > > > > > > iehuuy_0220@docomo.ne.jp
> > > > > > > > ----------------------------------
> > > > > > > >
> > > > > > > > _______________________________________________
> > > > > > > > Dots mailing list
> > > > > > > > Dots@ietf.org
> > > > > > > > https://www.ietf.org/mailman/listinfo/dots
> > > > > > > _______________________________________________
> > > > > > > Dots mailing list
> > > > > > > Dots@ietf.org
> > > > > > > https://www.ietf.org/mailman/listinfo/dots
> > >
> > >
> > >
> > > --
> > > ----------------------------------
> > > Yuuhei HAYASHI
> > > 08065300884
> > > yuuhei.hayashi@gmail.com
> > > iehuuy_0220@docomo.ne.jp
> > > ----------------------------------
> 
> 
> 
> --
> ----------------------------------
> Yuuhei HAYASHI
> 08065300884
> yuuhei.hayashi@gmail.com
> iehuuy_0220@docomo.ne.jp
> ----------------------------------

v2.23.0 | Report a Bug | By Email