Re: [ippm] security considerations on the TWAMP

Tianran Zhou <zhoutianran@huawei.com> Mon, 23 December 2019 06:12 UTC

From: Tianran Zhou <zhoutianran@huawei.com>
To: "MORTON, ALFRED C (AL)" <acm@research.att.com>, "secdir@ietf.org" <secdir@ietf.org>, IETF IPPM WG <ippm@ietf.org>
CC: Caoli <caoli@huawei.com>
Thread-Topic: security considerations on the TWAMP
Date: Mon, 23 Dec 2019 06:12:31 +0000
Message-ID: <BBA82579FD347748BEADC4C445EA0F21BF1634A1@NKGEML515-MBX.china.huawei.com>
References: <BBA82579FD347748BEADC4C445EA0F21BF149C8C@NKGEML515-MBX.china.huawei.com> <4D7F4AD313D3FC43A053B309F97543CFA6F0F0C2@njmtexg5.research.att.com>
In-Reply-To: <4D7F4AD313D3FC43A053B309F97543CFA6F0F0C2@njmtexg5.research.att.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/GHr0EdsZuMU5rQepFHJAkHqssKw>
Subject: Re: [ippm] security considerations on the TWAMP

Thanks Al!
Good to know your opinion on this.

Merry Christmas!
Tianran

From: MORTON, ALFRED C (AL) [mailto:acm@research.att.com]
Sent: Thursday, December 19, 2019 9:38 PM
To: Tianran Zhou <zhoutianran@huawei.com>; secdir@ietf.org; IETF IPPM WG <ippm@ietf.org>
Cc: Caoli <caoli@huawei.com>
Subject: RE: security considerations on the TWAMP

Allow only known addresses, or block entire address blocks
where most attacks are coming from. Use ACLs, IPtables, firewalls,
etc.  IOW, there are plenty of mechanisms beyond TWAMP to
meet this need.

Al

From: ippm [mailto:ippm-bounces@ietf.org] On Behalf Of Tianran Zhou
Sent: Wednesday, December 18, 2019 11:15 PM
To: secdir@ietf.org; IETF IPPM WG <ippm@ietf.org>
Cc: Caoli <caoli@huawei.com>
Subject: [ippm] security considerations on the TWAMP

Hi IPPM and SecDir,

When first setting up the control session between the client and the server, the TWAMP (RFC 5357) server listens on a specific TCP port. By default, the well-known port is 862.
However, RFC 5357 does not provide a mechanism to restrict the source IP address of the request.
What do you think about the potential DDoS attack risk from unknown IP source addresses?

Thanks,
Tianran
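Al's suggestion of restricting the TWAMP-Control port by source address, as an added example that is not part of this thread: a small shell script that emits an nftables ruleset accepting new TCP/862 connections only from known controller addresses and dropping the rest. The address list and the table name `twamp` are constructed assumptions; the script only prints the ruleset so it can be reviewed before loading.

```shell
#!/bin/sh
# Added example (not from the thread): build an nftables ruleset that accepts
# TWAMP-Control (TCP/862, RFC 5357) only from known controllers and drops every
# other new connection to that port. Output goes to stdout for review; loading
# it ("nft -f twamp.nft") needs root and is deliberately not done here.

# Constructed sample allowlist (assumption): one host and one prefix.
TWAMP_ALLOWED="192.0.2.10 198.51.100.0/24"
TWAMP_PORT=862

twamp_ruleset() {
    # $1: space-separated IPv4 addresses/prefixes allowed to open TWAMP-Control
    # $2: TCP port the TWAMP server listens on (862 by default)
    allowed=$1
    port=$2
    # Turn the list into nft set elements: "192.0.2.10, 198.51.100.0/24"
    elems=$(printf '%s\n' $allowed | paste -sd, - | sed 's/,/, /g')
    cat <<EOF
table inet twamp {
    set controllers {
        type ipv4_addr
        flags interval
        elements = { $elems }
    }
    chain input {
        type filter hook input priority 0; policy accept;
        # Accept TWAMP-Control only from known controllers (counted for auditing)
        ip saddr @controllers tcp dport $port ct state new counter accept
        # Drop any other new connection to the TWAMP-Control port
        tcp dport $port ct state new counter drop
    }
}
EOF
}

twamp_ruleset "$TWAMP_ALLOWED" "$TWAMP_PORT"
```

The `counter` on both rules gives you a quick view (via `nft list ruleset`) of how many unknown sources are probing the port, which is the signal the original question is about.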