Re: [Ideas] [lisp] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System

"Templin, Fred L" <Fred.L.Templin@boeing.com> Mon, 31 October 2016 16:31 UTC

From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
To: Padma Pillay-Esnault <padma.ietf@gmail.com>, Dino Farinacci <farinacci@gmail.com>
Date: Mon, 31 Oct 2016 16:31:10 +0000
Message-ID: <1fb6fb630dd345cf8bed1d8164b04dd2@XCH15-06-08.nw.nos.boeing.com>
References: <EC7A99B9A59C1B4695037EEB5036666B012C63D0@dfweml501-mbb> <85dd645c-37ca-0839-a175-2fb05539fbf2@joelhalpern.com> <CAG-CQxr8gXiQi_D1PNN6HMk7NVc6P62kPsZicLdm1PgfL41prA@mail.gmail.com> <09534746-0A8F-4CAB-9778-5032F90604F0@gmail.com> <CAG-CQxpZoQWPp_wBpNLTB3ATUJrSB9=kwM05YKiB7i8_x3XTLg@mail.gmail.com>
In-Reply-To: <CAG-CQxpZoQWPp_wBpNLTB3ATUJrSB9=kwM05YKiB7i8_x3XTLg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/a-EEEciAKy40yDj6Gx4-QGnzups>
Cc: "ideas@ietf.org" <ideas@ietf.org>, "lisp@ietf.org" <lisp@ietf.org>
Subject: Re: [Ideas] [lisp] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System

Hi, one observation and one question. The observation is that anything on the open
Internet that provides a service can be subject to Denial of Service – and, I am not
just talking about the LISP mapping system. The question is how is it that we have
not yet seen DoS attacks take down critical Internet services such as online banking;
have we just been lucky up to now?

Thanks - Fred

From: lisp [mailto:lisp-bounces@ietf.org] On Behalf Of Padma Pillay-Esnault
Sent: Saturday, October 29, 2016 10:39 AM
To: Dino Farinacci <farinacci@gmail.com>
Cc: ideas@ietf.org; lisp@ietf.org
Subject: Re: [lisp] [Ideas] FW: Technical plenary: Attacks against the architecture - implications for the Network Mapping System

On Sat, Oct 29, 2016 at 10:20 AM, Dino Farinacci <farinacci@gmail.com> wrote:
> In section 5 of draft-padma-ideas-problem-statement, there is a section in the table which specifically discusses the structure of IDs and whether we should use them for specific classes or, as the Network Mapping system is proposing, attach metadata to the ID.

Maybe we can experiment with the EID-prefix block 2001:5::/32 from RFC 7954/7955 to allocate sub-blocks from large regions of the world. Yes, geographical allocations without the issue of the past, since EIDs are not injected into the underlay routing and are not based on Internet topology.

Do this first and then decide which, say, continent block is registered to a regional mapping system, and whether an ID needs to register to multiple mapping systems. The mapping systems should be considered relatively local in scope and may overlap.

This could help mitigate DoS attacks to a smaller (but still scalable) part of the infrastructure.

<Padma> Agree.

Thanks
Padma

Dino
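Dino's regional sub-block idea above, as an added example that is not part of the original thread: the 2001:5::/32 EID block from RFC 7954/7955 is carved into per-region sub-blocks registered to possibly overlapping mapping systems, and the share of EID space each system serves shows how far a flood against one system can reach. The region names, sub-block sizes and mapping-system names are constructed assumptions, not an allocation anyone has adopted.

```python
import ipaddress

# Constructed example: carve the 2001:5::/32 EID block (RFC 7954/7955) into
# per-region sub-blocks. Region names, block sizes and mapping-system names
# are assumptions for illustration only.
EID_BLOCK = ipaddress.ip_network("2001:5::/32")

# Eight /35 sub-blocks; the first five are handed to regions, the rest stay
# unallocated so queries for them can be dropped instead of forwarded.
SUBBLOCKS = list(EID_BLOCK.subnets(new_prefix=35))
REGIONAL_BLOCKS = {
    "africa": SUBBLOCKS[0],
    "asia": SUBBLOCKS[1],
    "europe": SUBBLOCKS[2],
    "north-america": SUBBLOCKS[3],
    "south-america": SUBBLOCKS[4],
}

# Mapping systems are local in scope and may overlap: one prefix can be
# served by more than one system (e.g. a shared Europe/Africa system).
MAPPING_SYSTEMS = {
    "ms-af": [REGIONAL_BLOCKS["africa"]],
    "ms-as": [REGIONAL_BLOCKS["asia"]],
    "ms-eu": [REGIONAL_BLOCKS["europe"]],
    "ms-eurafrica": [REGIONAL_BLOCKS["europe"], REGIONAL_BLOCKS["africa"]],
    "ms-am": [REGIONAL_BLOCKS["north-america"], REGIONAL_BLOCKS["south-america"]],
}


def mapping_systems_for(eid):
    """Sorted names of the mapping systems responsible for an EID.

    An EID outside 2001:5::/32, or inside an unallocated sub-block, maps to
    no system, so a resolver can discard the query at the edge."""
    addr = ipaddress.ip_address(eid)
    if addr not in EID_BLOCK:
        return []
    return sorted(name for name, prefixes in MAPPING_SYSTEMS.items()
                  if any(addr in prefix for prefix in prefixes))


def blast_radius(systems=MAPPING_SYSTEMS):
    """Fraction of the whole EID block each mapping system serves: the part
    of the infrastructure that a flood against that one system can affect."""
    total = EID_BLOCK.num_addresses
    return {name: sum(p.num_addresses for p in prefixes) / total
            for name, prefixes in systems.items()}
```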