Re: [Ideas] [lisp] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System
"Templin, Fred L" <Fred.L.Templin@boeing.com> Mon, 31 October 2016 16:31 UTC
From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Padma Pillay-Esnault <padma.ietf@gmail.com>, Dino Farinacci <farinacci@gmail.com>
Date: Mon, 31 Oct 2016 16:31:10 +0000
Cc: "ideas@ietf.org" <ideas@ietf.org>, "lisp@ietf.org" <lisp@ietf.org>

Hi, one observation and one question. The observation is that anything on the open Internet that provides a service can be subject to Denial of Service – and, I am not just talking about the LISP mapping system. The question is how is it that we have not yet seen DoS attacks take down critical Internet services such as online banking; have we just been lucky up to now?

Thanks - Fred

From: lisp [mailto:lisp-bounces@ietf.org] On Behalf Of Padma Pillay-Esnault
Sent: Saturday, October 29, 2016 10:39 AM
To: Dino Farinacci <farinacci@gmail.com>
Cc: ideas@ietf.org; lisp@ietf.org
Subject: Re: [lisp] [Ideas] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System

On Sat, Oct 29, 2016 at 10:20 AM, Dino Farinacci <farinacci@gmail.com> wrote:

> In section 5 of draft-padma-ideas-problem-statement, there is a section in the table which specifically discusses the structure of IDs and whether we should use them for specific classes or as the Network Mapping system is proposing to attach metadata to ID.

Maybe we can experiment with the EID-prefix block 2001:5::/32 from RFC 7954/7955 to allocate sub-blocks from large regions of the world.

Yes, geographical allocations without the issue of the past, since EIDs are not injected into the underlay routing and are not based on Internet topology.

Do this first and then decide which, say continent block is registered to a regional mapping system. And if an ID needs to register to multiple mapping systems.

The mapping systems should be considered to be relatively local in scope and may overlap. This could help mitigate DoS attacks to a smaller (but still scalable) part of the infrastructure.

<Padma> Agree.

Thanks
Padma

Dino