IETF Logo Mail Archive

Re: [GROW] Kathleen Moriarty's No Objection on draft-ietf-grow-filtering-threats-07: (with COMMENT)

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 01 September 2015 14:50 UTC

Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: grow@ietfa.amsl.com
Delivered-To: grow@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE8861B4983; Tue, 1 Sep 2015 07:50:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TtcmBq7gezYs; Tue, 1 Sep 2015 07:50:46 -0700 (PDT)
Received: from mail-wi0-x232.google.com (mail-wi0-x232.google.com [IPv6:2a00:1450:400c:c05::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0000F1B4CDB; Tue, 1 Sep 2015 07:50:18 -0700 (PDT)
Received: by wicfx3 with SMTP id fx3so15388864wic.0; Tue, 01 Sep 2015 07:50:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=VXZ7hhidkuqM08oiVPGwfHgXTQCYEIlFkvr9fSbB+1s=; b=sA+jQOOV+1l0wqm2TySG9RQGtaDfQX8uPnG/8gKah//rDEJ8Lx+TBSDoN2jJPA1W/R eemC5Jo1jFCi0AJYKpff5vhRTa2lnD7nhRVUsnCk1W2/c2e+0j03ifup0rG1i6fJSRud L3eSCPtWmQ/sLFNAW7MARIS7OCWbq/1CHnR/DQbfP29oRcoRPY7aDzfY/P/LYzw/YluI 6vt24CpfKiODMNT/xx4Y1biGGpdVzavq8/d2W6t7eEvxdnAb1bUWxkoSrgR2eAuiDrE4 91SiQIMrsVvWxNIiMpa4W2fQWTFmZwjuQbBGwNVPby/Out+Rxjp9dkxWITx6u73PF/1d N0Cw==
MIME-Version: 1.0
X-Received: by 10.180.73.229 with SMTP id o5mr3697050wiv.36.1441119017437; Tue, 01 Sep 2015 07:50:17 -0700 (PDT)
Received: by 10.28.157.84 with HTTP; Tue, 1 Sep 2015 07:50:17 -0700 (PDT)
In-Reply-To: <6E1C79F9-2805-43BF-BBD1-47319054A7FA@imdea.org>
References: <20150820130502.24837.95129.idtracker@ietfa.amsl.com> <6E1C79F9-2805-43BF-BBD1-47319054A7FA@imdea.org>
Date: Tue, 01 Sep 2015 10:50:17 -0400
Message-ID: <CAHbuEH4Gucr+2MBU96Vt7v5u_GUeheOC8FHTDvY0kosw6H+1TQ@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Pierre Francois <pierre.francois@imdea.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/grow/XZ6MCof_2cowzoBqcyQh0fId9EY>
Cc: "<grow-chairs@ietf.org>" <grow-chairs@ietf.org>, grow@ietf.org, draft-ietf-grow-filtering-threats.ad@ietf.org, draft-ietf-grow-filtering-threats@ietf.org, The IESG <iesg@ietf.org>, Pierre Francois <pifranco@cisco.com>, draft-ietf-grow-filtering-threats.shepherd@ietf.org
Subject: Re: [GROW] Kathleen Moriarty's No Objection on draft-ietf-grow-filtering-threats-07: (with COMMENT)
X-BeenThere: grow@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Grow Working Group Mailing List <grow.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/grow>, <mailto:grow-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/grow/>
List-Post: <mailto:grow@ietf.org>
List-Help: <mailto:grow-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/grow>, <mailto:grow-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 14:50:52 -0000

Hi Pierre,

Thanks for your response, questions inline.

On Tue, Sep 1, 2015 at 9:46 AM, Pierre Francois
<pierre.francois@imdea.org> wrote:
> Hello Kathleen,
>
> On 20 Aug 2015, at 15:05, Kathleen Moriarty
> <kathleen.moriarty.ietf@gmail.com> wrote:
>
> Kathleen Moriarty has entered the following ballot position for
> draft-ietf-grow-filtering-threats-07: No Objection
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ———————————————————————————————————
>
>
> Thank you for your comments !
>
>
> Please add in the proposed text from the SecDir review to address his
> questions:
> https://www.ietf.org/mail-archive/web/secdir/current/msg05855.html
>
>
> The last revision of the document contains the following changes, based on
> consensus of community and secdir feedback, to strike balance between
> malicious
> and non malicious reasons for triggering the documented behaviour.
>
> Introduction:
>
> OLD: The objective of this draft is to shed light on possible side effects
> associated with more specific prefix filtering. This document presents
> examples of such side effects and discusses approaches towards solutions to
> the problem.
>
> NEW:  The objective of this draft is to shed light on possible side effects
> associated with such more specific prefix filtering.
> Such actions can be explained by traffic engineering action,
> misconfiguration, or malicious intent.
> This document presents examples of such side effects and discusses
> approaches towards solutions to the problem.
>
>
>
> Additionally, I'd like to see the Security Considerations mention a point
> brought up earlier in the draft, namely that the filtering could cause
> traffic to be routed back through a path that doesn't have information
> for that more specific AS.  As such, this essentially could cause a DoS
> on that traffic until the BGP route allows for the new path for the more
> specific AS.
>
>
> Actually, the traffic to the prefix P is routed towards an AS A that
> does not have a path for the more specific prefix P, but this AS has a path
> for a prefix P' covering P. So the traffic makes it to the destination, but
> via some unexpected path through A. So this is not a DoS per se, is it?

In section 4.1, you have the following text as bullet 2, which looks
like a potential DoS vector to me:

 o  An operator can decide to filter out the more specific prefix at
      the peering session over which it was received.  In the example of
      Figure 5, AS64502 would filter out the incoming prefix
      2001:DB8::/34 from the eBGP session with AS64505.  As a result,
      the traffic destined to that /32 would be forwarded by AS64502
      along its link with AS64501, despite the actions performed by
      AS64501 to have this traffic coming in through its link with
      AS64503.  However, as AS64502 will no longer know a route to the
      more specific prefix, it risks losing the traffic share from
      customers different from AS64501 to that prefix.  Furthermore,
      this action can generate conflicts between AS64502 and AS64501,
      since AS64502 does not follow the routing information expressed by
      AS64501 in its BGP announcements.

>
> Now if the unexpected path through A is under-provisioned, traffic will be
> lost. But that would be a bit strange for the owner of P to do the
> documented
> trick to trigger a DoS of its own prefix P, wouldn’t it?
>
> So can I really talk about a DoS vector here? If someone else than the
> owner of P plays games with P to trigger the unexpected path for P through
> A, then it definitely becomes one, but there we fall in the classic cases
> of prefix hi-jacking.

I don't see a pointer in the security considerations to other work
describing this threat as a consideration, should this be included?
It sounds as if it should be.

Thanks,
Kathleen

>
> Cheers,
>
> Pierre.
>
>
> The importance of mentioning this int he security
> considerations section is to more explicitly call this out as a potential
> DoS attack method.  The time for BGP to repropagate might be short(ish),
> but that could be a critical amount of time during an event and maybe the
> more specific AS is a web server farm or some other critical resource.
>
>
>



-- 

Best regards,
Kathleen

v2.23.0 | Report a Bug | By Email