Re: [GROW] Kathleen Moriarty's No Objection on draft-ietf-grow-filtering-threats-07: (with COMMENT)

Peter Schoenmaker <pds@lugs.com> Tue, 01 September 2015 15:16 UTC

From: Peter Schoenmaker <pds@lugs.com>
To: "Pierre Francois (pifranco)" <pifranco@cisco.com>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, Pierre Francois <pierre.francois@imdea.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/grow/jO1D6CwJeeZ8Ti8IdWlXklI-qAM>
Cc: "<grow-chairs@ietf.org>" <grow-chairs@ietf.org>, "grow@ietf.org" <grow@ietf.org>, "draft-ietf-grow-filtering-threats.ad@ietf.org" <draft-ietf-grow-filtering-threats.ad@ietf.org>, "draft-ietf-grow-filtering-threats@ietf.org" <draft-ietf-grow-filtering-threats@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-grow-filtering-threats.shepherd@ietf.org" <draft-ietf-grow-filtering-threats.shepherd@ietf.org>

>
>>
>>>
>>> Now if the unexpected path through A is under-provisioned, traffic will be
>>> lost. But that would be a bit strange for the owner of P to do the
>>> documented trick to trigger a DoS of its own prefix P, wouldn't it?
>>>
>>> So can I really talk about a DoS vector here? If someone else than the
>>> owner of P plays games with P to trigger the unexpected path for P through
>>> A, then it definitely becomes one, but there we fall in the classic cases
>>> of prefix hi-jacking.
>>
>>I don't see a pointer in the security considerations to other work
>>describing this threat as a consideration, should this be included?
>>It sounds as if it should be.
>
>
>Well, I have the feeling that it is quite out of the scope of this
>document, which is about playing with more specific prefixes injection
>bound with restricted propagation. I am not sure I should mention prefix
>hi-jacking here, as it's quite a different, well-documented approach; I
>inject a more specific prefix that belongs to someone else and I drop the
>traffic.
>
>I don't know what others think about this.

I would agree this is out of scope for the document. The traffic makes it to the intended and correct destination. There are no rogue players involved (at least more than normal which is covered extensively in other documents as Pierre points out.) The main point is how traffic is routed through different networks.

peter


>
>Cheers, 
>
>Pierre.
>
>
>>
>>Thanks,
>>Kathleen
>>
>>>
>>> Cheers,
>>>
>>> Pierre.
>>>
>>>
>>> The importance of mentioning this in the security
>>> considerations section is to more explicitly call this out as a potential
>>> DoS attack method.  The time for BGP to repropagate might be short(ish),
>>> but that could be a critical amount of time during an event and maybe the
>>> more specific AS is a web server farm or some other critical resource.
>>>
>>>
>>>
>>
>>
>>
>>-- 
>>
>>Best regards,
>>Kathleen
>