Re: [lisp] Restarting last call on LISP threats

Ronald Bonica <> Mon, 26 May 2014 04:51 UTC

From: Ronald Bonica <>
To: Dino Farinacci <>
Thread-Topic: [lisp] Restarting last call on LISP threats
Date: Mon, 26 May 2014 04:51:22 +0000
Cc: Roger Jorgensen <>, "" <>
Subject: Re: [lisp] Restarting last call on LISP threats


You have a very good point! Rather than arguing about whether DoS attacks against the control plane are possible, a more constructive course of action might be:

a) to document the attacks
b) to brainstorm for mitigations

IMHO, a) should definitely happen in the threats document. It should include DoS attacks initiated by attackers:

a1) who are outside of LISP sites
a2) who are inside of LISP sites

Mitigations could be documented in the threats document or somewhere else. The ADs and chairs will probably want to make that call.

Do you see an obvious mitigation to a1 and a2?


> > activity causes control plane activity. Since forwarding plane bandwidth
> > exceeds control plane bandwidth, DoS attacks against the control plane are
> > possible.
> Yes, for every protocol we have invented. But like I said, there are better
> ways to solve this with LISP. If you look at all the drafts in totality, you will see
> we have a decent toolbox of solutions that COULD fight this traditional
> problem.
> You are merely (and continually) looking ONLY at the map-cache miss
> problem.
> > In order to be complete, the threats document must describe the DoS
> > threat. It should also describe mitigations, if any exist.
> I agree with that. No one is arguing your point or Ross's point. But rather than
> just documenting what they are, we want to fix them. So that is where we
> should put our attention. So let's have all of us work together and identify
> the problems and brainstorm about fixes.
> Rather than just saying what is wrong.
> Dino