Re: [lisp] [Ila] LISP for ILA

Dino Farinacci <farinacci@gmail.com> Fri, 16 March 2018 19:11 UTC

Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
From: Dino Farinacci <farinacci@gmail.com>
In-Reply-To: <B5A8E79CDD2131468993EFC2426361DD9FB450C3@NYDC-EXCH01.vinci-consulting-corp.local>
Date: Fri, 16 Mar 2018 12:11:27 -0700
Cc: Tom Herbert <tom@quantonium.net>, David Meyer <dmm@1-4-5.net>, "ila@ietf.org" <ila@ietf.org>, "lisp@ietf.org" <lisp@ietf.org>, Dino Farinacci <farinacci@gmail.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <1DD250D5-1773-4C9C-84AC-62F1B6FDB133@gmail.com>
References: <F1093230-C087-4168-9C5F-8DA7AB677677@cisco.com> <CAPDqMer58nxEixtH=JuZh9WgM0xKkEQYEjwZ6zg3wTjD76gOHQ@mail.gmail.com> <F920CAE2-9042-41DF-B013-E8FE6F891596@cisco.com> <CAPDqMeriMzM82-R-JOgx4zuqJTk2YOoBaWV_58no2V8yPas9QA@mail.gmail.com> <CF1C238D-FBE9-48BC-A7A6-49E45249E5E2@cisco.com> <CAPDqMeqL1kE+N9APFOSR4fUaek0TjZuDZMZDzDmJfMvyLO38GA@mail.gmail.com> <DA74C61A-647A-44BA-8FE7-916CF8895C49@gmail.com> <CAPDqMeqkGH0ELN=XmqF3dmsdeAurE-y+_H9+_E8mzhHo9d9nXw@mail.gmail.com> <7793B214-A235-4795-983B-CCC75A0B90BE@gmail.com> <CAPDqMeo2bdmwSEkPk002W9oxPhyxnLrr-k9MYeR5ZXEG_OGH0g@mail.gmail.com> <11EDF4FB-8636-4DF2-B687-1AB4934C4F9D@gmail.com> <CAPDqMeoSLqC=mN_hcgiLe-3Dv0c=uezbrZZ9xHn47Osb7rfLVQ@mail.gmail.com> <16F3AEC4-EDCF-417B-8165-D22C48A06F3D@gmail.com> <B5A8E79CDD2131468993EFC2426361DD9FB450C3@NYDC-EXCH01.vinci-consulting-corp.local>
To: Paul Vinciguerra <pvinci@VinciConsulting.com>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/lisp/FzPd7TbuRKQvL4QIjLuHmehDZYQ>
Subject: Re: [lisp] [Ila] LISP for ILA

> Would it be practical to have the map server, having detected an attack, simply send a cookie back in its reply to the spoofed address and then stop replying for a period of time to the spoofed source address unless subsequent requests from that source address contained the cookie in an opaque LCAF or some other LCAF type? 

Thanks for the comment Paul. A couple of points/comments here:

(1) I would hope that the Map-Request doesn’t go all the way to the Map-Server. That is, the first time a Map-Request hits the mapping system is at the Map-Resolver node. We probably should put logic there on what is sent along the DDT route or how much is sent to the Map-Server if the Map-Resolver has the EID in the referral-cache. This is just a side comment.

(2) If the Map-Request is being spoofed, it isn’t a problem. When I say spoofed, I mean if the source address in the IP header is spoofed. It turns out the “ITR-RLOC” field in the Map-Request is where the Map-Reply goes to. But it depends what the bad actor looks like. If it’s a mis-configured spec-compliant xTR, then this could work. If this is a python hacker, it won’t do anything with the responses, because its sole point is to disrupt the mapping system.

But this reminds me of a funny story a friend told me about 10 years ago when he was sick and tired of receiving physical junk mail at his house. What he did was collect all the junk mail, put it in one big envelope and put his address as the destination and put the source of the junk mail as the sender field. He then went to the post office and dropped it in the bin WITHOUT a stamp. So the heavy package was returned to sender. LOL.  ;-)

So maybe this story could be a solution to the problem. Why don’t we DoS attack the bad actor? Kill its bandwidth and CPU so it can’t attack us?  ;-) Of course the Map-Resolver would have to detect the situation, create a VM to be the attacker and launch it.  ;-)

I don’t know if I’m joking or serious about this. But the cloud providers would love this.  ;-)

Dino
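A toy simulation of the cookie idea in Paul's question, added here as an example that is not part of this thread or of any LISP implementation: the Map-Resolver answers an over-quota source once with a stateless HMAC cookie sent to the ITR-RLOC (the address the Map-Reply goes to, per Dino's second point), then stays silent for the window unless a request echoes the cookie back. Map-Request and Map-Reply are plain dicts rather than LISP wire format, and the secret, threshold and window are constructed values.

```python
import hashlib
import hmac
import time
from collections import defaultdict

# Hypothetical Map-Resolver behaviour (constructed for illustration): once a
# source exceeds THRESHOLD requests in a WINDOW, it gets one challenge reply
# carrying a cookie and is otherwise ignored until a request echoes that cookie.
SECRET = b"constructed-resolver-secret"  # per-resolver key; rotate in practice
THRESHOLD = 5                            # plain Map-Replies allowed per window
WINDOW = 60                              # seconds; also the cookie epoch length


def make_cookie(itr_rloc: str, epoch: int) -> bytes:
    # Stateless cookie bound to the ITR-RLOC, i.e. the address the Map-Reply is
    # sent to: only a host that really receives at that address can echo it.
    return hmac.new(SECRET, f"{itr_rloc}|{epoch}".encode(), hashlib.sha256).digest()[:16]


class MapResolver:
    def __init__(self, now=time.time):
        self.now = now                   # injectable clock for testing
        self.epoch = None
        self.count = defaultdict(int)    # Map-Requests per IP source this window
        self.challenged = set()          # sources already sent a challenge

    def handle(self, req: dict):
        """Return a Map-Reply dict, a challenge dict, or None (dropped)."""
        src, rloc = req["ip_src"], req["itr_rloc"]
        epoch = int(self.now()) // WINDOW
        if epoch != self.epoch:          # new window: forget counts and challenges
            self.epoch, self.count, self.challenged = epoch, defaultdict(int), set()
        self.count[src] += 1
        reply = {"to": rloc, "type": "map-reply", "eid": req["eid"]}
        if self.count[src] <= THRESHOLD:
            return reply
        valid = make_cookie(rloc, epoch)
        cookie = req.get("cookie")       # would ride in an opaque LCAF on the wire
        if cookie is not None and hmac.compare_digest(cookie, valid):
            return reply                 # return-routability shown; keep serving
        if src in self.challenged:
            return None                  # stay silent for the rest of the window
        self.challenged.add(src)
        return {"to": rloc, "type": "challenge", "cookie": valid}
```

A sender that rotates its IP source still draws one small challenge per source per window, sent to whatever ITR-RLOC it named, so the cookie bounds the reflected traffic rather than removing it.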