[ippm] security considerations on the TWAMP

Tianran Zhou <zhoutianran@huawei.com> Thu, 19 December 2019 04:15 UTC

From: Tianran Zhou <zhoutianran@huawei.com>
To: "secdir@ietf.org" <secdir@ietf.org>, IETF IPPM WG <ippm@ietf.org>
CC: Caoli <caoli@huawei.com>
Thread-Topic: security considerations on the TWAMP
Date: Thu, 19 Dec 2019 04:14:51 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ippm/HakEHO4hXt6qVPZLC6_m0NGQ_Gc>

Hi IPPM and SecDir,

When the control session between the client and the server is first set up, the TWAMP (RFC 5357) server listens on a specific TCP port. By default, the well-known port is 862.
However, RFC 5357 does not provide a mechanism to restrict the source IP address of the request.
What do you think about the potential DDoS attack risk from unknown IP source addresses?

Thanks,
Tianran
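The message above asks how a TWAMP-Control listener on TCP port 862 can defend itself when the protocol itself does not restrict source addresses. The following is an added example, not part of the original message and not code from any TWAMP implementation: a hypothetical front-end for a TWAMP-Control server that applies a source-prefix allow-list and per-source and total connection caps before it spends any state on the peer, i.e. before the 64-octet Server Greeting of RFC 4656 section 3.1 is sent. The allow-list prefixes, the cap values and the greeting parameters (modes, challenge, salt, count) are assumptions chosen for illustration; the greeting layout and the Count constraints (power of two, at least 1024) follow RFC 4656. Restricting sources this way is a deployment control the RFCs leave to the operator, not something RFC 5357 specifies.

```python
"""Hypothetical admission control for a TWAMP-Control (RFC 5357 / RFC 4656)
listener.  Added example, not from the original message.  Allow-list,
connection caps and greeting parameters are assumptions for illustration."""
import ipaddress
import os
import socket
import struct
from collections import Counter
from typing import Iterable, List, Optional

TWAMP_CONTROL_PORT = 862       # well-known TWAMP-Control port (RFC 5357)
MODE_UNAUTHENTICATED = 1       # Modes bit values, RFC 4656 section 3.1
MODE_AUTHENTICATED = 2
MODE_ENCRYPTED = 4
GREETING_LEN = 64              # Server Greeting is a 64-octet message


def build_allowlist(cidrs: Iterable[str]) -> List[ipaddress._BaseNetwork]:
    """Parse CIDR strings once at startup; a malformed entry raises ValueError."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def is_allowed(peer_ip: str, allowlist) -> bool:
    """True if the peer address lies inside any permitted prefix.
    An empty allow-list denies everyone, so a misconfiguration fails closed."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in allowlist)


class ConnectionGate:
    """Counts open control sessions per source and overall.  Consulted before
    the Server Greeting is sent, so a flood of unwanted TCP connects costs the
    server only the accept(), not session state or a 64-byte reply."""

    def __init__(self, per_source: int, total: int):
        self.per_source = per_source
        self.total = total
        self.open = Counter()

    def try_open(self, peer_ip: str) -> bool:
        if sum(self.open.values()) >= self.total:
            return False
        if self.open[peer_ip] >= self.per_source:
            return False
        self.open[peer_ip] += 1
        return True

    def close(self, peer_ip: str) -> None:
        if self.open[peer_ip] > 0:
            self.open[peer_ip] -= 1
        if self.open[peer_ip] == 0:
            del self.open[peer_ip]


def build_server_greeting(modes: int, challenge: bytes, salt: bytes,
                          count: int) -> bytes:
    """Server Greeting (RFC 4656 section 3.1): 12 octets Unused, 4 Modes,
    16 Challenge, 16 Salt, 4 Count, 12 MBZ.  Count MUST be a power of two
    and at least 1024."""
    if len(challenge) != 16 or len(salt) != 16:
        raise ValueError("challenge and salt must be 16 octets")
    if count < 1024 or count & (count - 1):
        raise ValueError("Count must be a power of two and >= 1024")
    return (b"\x00" * 12 + struct.pack("!I", modes) + challenge + salt
            + struct.pack("!I", count) + b"\x00" * 12)


def admit(peer_ip: str, allowlist, gate: ConnectionGate) -> Optional[str]:
    """Decide before any protocol bytes are sent.  Returns None to admit the
    peer, otherwise a short reason suitable for a log line."""
    if not is_allowed(peer_ip, allowlist):
        return "source not in allow-list"
    if not gate.try_open(peer_ip):
        return "connection limit reached"
    return None


def serve(allowlist, gate: ConnectionGate, port: int = TWAMP_CONTROL_PORT):
    """Minimal accept loop: reject early, greet only admitted peers.  The
    remainder of the control exchange (Set-Up-Response etc.) is out of scope."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("0.0.0.0", port))
        srv.listen(64)
        while True:
            conn, (peer_ip, _) = srv.accept()
            reason = admit(peer_ip, allowlist, gate)
            if reason is not None:
                print(f"reject {peer_ip}: {reason}")
                conn.close()          # no greeting, no state kept for this peer
                continue
            greeting = build_server_greeting(
                MODE_UNAUTHENTICATED | MODE_AUTHENTICATED,
                os.urandom(16), os.urandom(16), 1024)
            conn.sendall(greeting)
            # ... continue the RFC 4656 control handshake, then:
            conn.close()
            gate.close(peer_ip)


if __name__ == "__main__":
    # Assumed operator configuration: only the monitoring VLAN may connect.
    serve(build_allowlist(["192.0.2.0/24", "2001:db8::/32"]),
          ConnectionGate(per_source=4, total=256))
```

The point of checking the source before sending the greeting is that an unwanted peer never triggers the challenge and salt generation or the keyed handshake, so the cost of a connect flood is bounded by the accept loop rather than by the server's session table. The allow-list is only as strong as the network path: TCP source addresses are spoof-resistant for the three-way handshake but not proof of identity, so this complements rather than replaces the authenticated and encrypted modes of RFC 4656.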