Re: [GROW] Kathleen Moriarty's No Objection on draft-ietf-grow-filtering-threats-07: (with COMMENT)
"Pierre Francois (pifranco)" <pifranco@cisco.com> Tue, 01 September 2015 15:06 UTC
Return-Path: <pifranco@cisco.com>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 068C21B63AE; Tue, 1 Sep 2015 08:06:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aIwrjgbDaF-I; Tue, 1 Sep 2015 08:06:20 -0700 (PDT)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F56B1B620A; Tue, 1 Sep 2015 08:06:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5553; q=dns/txt; s=iport; t=1441119980; x=1442329580; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=BXN4YIUjo/2VUB56c/7CdsYAA4YxpuCb0IgTtASeso0=; b=Y/vak338o52ImfZq3vvmbobgDMGDPrZHhJCt0e29k4fmfaOv7IL1abzw vty9mQohyYGuMutZxcsLzSt80OVDl8tWOIadOYXXwNEt1D9E+ab4qWOab U0udA8BhIhqihpSaTaELB2W66Wth7m3IrGH9hzSREICqieXpolUCbmVGF c=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0B9AgAyvuVV/5ldJa1dgxtUaQa+KAEJgXeFMUoCgT04FAEBAQEBAQGBCoQkAQEEDlcUEAIBBgIYLiERJQIEAQ0FFAeHfgMSDZcQrRENhQcBAQEBAQEBAQEBAQEBAQEBAQEBAQETBIZ0hHyCT4FqAQEFGDMCBYQsAQSHK4p9gxkBiweBbYFKhDKNNINQg2wmgkGBPnEBgQ06gQUBAQE
X-IronPort-AV: E=Sophos;i="5.17,449,1437436800"; d="scan'208";a="23454547"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-7.cisco.com with ESMTP; 01 Sep 2015 15:06:19 +0000
Received: from XCH-ALN-020.cisco.com (xch-aln-020.cisco.com [173.36.7.30]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id t81F6J3F012406 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 1 Sep 2015 15:06:19 GMT
Received: from xch-aln-020.cisco.com (173.36.7.30) by XCH-ALN-020.cisco.com (173.36.7.30) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 1 Sep 2015 10:06:18 -0500
Received: from xhc-aln-x11.cisco.com (173.36.12.85) by xch-aln-020.cisco.com (173.36.7.30) with Microsoft SMTP Server (TLS) id 15.0.1104.5 via Frontend Transport; Tue, 1 Sep 2015 10:06:18 -0500
Received: from xmb-aln-x12.cisco.com ([169.254.7.226]) by xhc-aln-x11.cisco.com ([173.36.12.85]) with mapi id 14.03.0248.002; Tue, 1 Sep 2015 10:06:18 -0500
From: "Pierre Francois (pifranco)" <pifranco@cisco.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Pierre Francois <pierre.francois@imdea.org>
Thread-Topic: Kathleen Moriarty's No Objection on draft-ietf-grow-filtering-threats-07: (with COMMENT)
Thread-Index: AQHQ5Lyuwr8pSnBJaUe5R+ibuNasNp4oFWCAgAAl+4A=
Date: Tue, 01 Sep 2015 15:06:17 +0000
Message-ID: <D20B88FF.42A92%pifranco@cisco.com>
References: <20150820130502.24837.95129.idtracker@ietfa.amsl.com> <6E1C79F9-2805-43BF-BBD1-47319054A7FA@imdea.org> <CAHbuEH4Gucr+2MBU96Vt7v5u_GUeheOC8FHTDvY0kosw6H+1TQ@mail.gmail.com>
In-Reply-To: <CAHbuEH4Gucr+2MBU96Vt7v5u_GUeheOC8FHTDvY0kosw6H+1TQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [64.101.220.144]
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <927B0686972CA0478C84271EA08DEC2E@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/grow/BSwgy7-wKb-GnWU2Bi1CWLour6Q>
X-Mailman-Approved-At: Sat, 05 Sep 2015 08:22:03 -0700
Cc: "<grow-chairs@ietf.org>" <grow-chairs@ietf.org>, "grow@ietf.org" <grow@ietf.org>, "draft-ietf-grow-filtering-threats.ad@ietf.org" <draft-ietf-grow-filtering-threats.ad@ietf.org>, "draft-ietf-grow-filtering-threats@ietf.org" <draft-ietf-grow-filtering-threats@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-grow-filtering-threats.shepherd@ietf.org" <draft-ietf-grow-filtering-threats.shepherd@ietf.org>
Subject: Re: [GROW] Kathleen Moriarty's No Objection on draft-ietf-grow-filtering-threats-07: (with COMMENT)
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/grow/>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 15:06:23 -0000
Kathleen, On 01/09/15 16:50, "Kathleen Moriarty" <kathleen.moriarty.ietf@gmail.com> wrote: >Hi Pierre, > >Thanks for your response, questions inline. > >On Tue, Sep 1, 2015 at 9:46 AM, Pierre Francois ><pierre.francois@imdea.org> wrote: >> Hello Kathleen, >> >> On 20 Aug 2015, at 15:05, Kathleen Moriarty >> <kathleen.moriarty.ietf@gmail.com> wrote: >> >> Kathleen Moriarty has entered the following ballot position for >> draft-ietf-grow-filtering-threats-07: No Objection >> >> >> ---------------------------------------------------------------------- >> COMMENT: >> ‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹‹ >> >> >> Thank you for your comments ! >> >> >> Please add in the proposed text from the SecDir review to address his >> questions: >> https://www.ietf.org/mail-archive/web/secdir/current/msg05855.html >> >> >> The last revision of the document contains the following changes, based >>on >> consensus of community and secdir feedback, to strike balance between >> malicious >> and non malicious reasons for triggering the documented behaviour. >> >> Introduction: >> >> OLD: The objective of this draft is to shed light on possible side >>effects >> associated with more specific prefix filtering. This document presents >> examples of such side effects and discusses approaches towards >>solutions to >> the problem. >> >> NEW: The objective of this draft is to shed light on possible side >>effects >> associated with such more specific prefix filtering. >> Such actions can be explained by traffic engineering action, >> misconfiguration, or malicious intent. >> This document presents examples of such side effects and discusses >> approaches towards solutions to the problem. >> >> >> >> Additionally, I'd like to see the Security Considerations mention a >>point >> brought up earlier in the draft, namely that the filtering could cause >> traffic to be routed back through a path that doesn't have information >> for that more specific AS. As such, this essentially could cause a DoS >> on that traffic until the BGP route allows for the new path for the more >> specific AS. >> >> >> Actually, the traffic to the prefix P is routed towards an AS A that >> does not have a path for the more specific prefix P, but this AS has a >>path >> for a prefix P' covering P. So the traffic makes it to the destination, >>but >> via some unexpected path through A. So this is not a DoS per se, is it? > >In section 4.1, you have the following text as bullet 2, which looks >like a potential DoS vector to me: > > o An operator can decide to filter out the more specific prefix at > the peering session over which it was received. In the example of > Figure 5, AS64502 would filter out the incoming prefix > 2001:DB8::/34 from the eBGP session with AS64505. As a result, > the traffic destined to that /32 would be forwarded by AS64502 > along its link with AS64501, despite the actions performed by > AS64501 to have this traffic coming in through its link with > AS64503. However, as AS64502 will no longer know a route to the > more specific prefix, it risks losing the traffic share from > customers different from AS64501 to that prefix. Furthermore, > this action can generate conflicts between AS64502 and AS64501, > since AS64502 does not follow the routing information expressed by > AS64501 in its BGP announcements. We say that AS64502 will lose traffic *share* for the /34, in the sense that it looses the market share of the transit between his customers and the rest of the topology, for the traffic whose destination is the /34. Traffic would not be lost, it will either be forwarded as per the /32, or by other ASes which received and propagated the /34. > >> >> Now if the unexpected path through A is under-provisioned, traffic will >>be >> lost. But that would be a bit strange for the owner of P to do the >> documented >> trick to trigger a DoS of its own prefix P, wouldn¹t it? >> >> So can I really talk about a DoS vector here? If someone else than the >> owner of P plays games with P to trigger the unexpected path for P >>through >> A, then it definitely becomes one, but there we fall in the classic >>cases >> of prefix hi-jacking. > >I don't see a pointer in the security considerations to other work >describing this threat as a consideration, should this be included? >It sounds as if it should be. Well, I have the feeling that it is quite out of the scope of this document, which is about playing with more specific prefixes injection bound with restricted propagation. I am not sure I should mention prefix hi-jacking here, as it¹s quite a different, well-document approach; I inject a more specific prefix that belongs to someone else and I drop the traffic. I don¹t know what others think about this. Cheers, Pierre. > >Thanks, >Kathleen > >> >> Cheers, >> >> Pierre. >> >> >> The importance of mentioning this int he security >> considerations section is to more explicitly call this out as a >>potential >> DoS attack method. The time for BGP to repropagate might be short(ish), >> but that could be a critical amount of time during an event and maybe >>the >> more specific AS is a web server farm or some other critical resource. >> >> >> > > > >-- > >Best regards, >Kathleen
- [GROW] Kathleen Moriarty's No Objection on draft-… Kathleen Moriarty
- Re: [GROW] Kathleen Moriarty's No Objection on dr… Pierre Francois
- Re: [GROW] Kathleen Moriarty's No Objection on dr… Kathleen Moriarty
- Re: [GROW] Kathleen Moriarty's No Objection on dr… Peter Schoenmaker
- Re: [GROW] Kathleen Moriarty's No Objection on dr… joel jaeggli
- Re: [GROW] Kathleen Moriarty's No Objection on dr… Kathleen Moriarty
- Re: [GROW] Kathleen Moriarty's No Objection on dr… Pierre Francois (pifranco)