Re: [Madinas] [Int-area] BoF and Non-WG Mailing List: madinas -- MAC Address Device Identification for Network and Application Services

mohamed.boucadair@orange.com Mon, 02 November 2020 08:10 UTC

From: mohamed.boucadair@orange.com
To: "madinas@ietf.org" <madinas@ietf.org>
Date: Mon, 02 Nov 2020 08:10:46 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/madinas/Nt-ZyWHbPIZb0oeTw3eNMCTddSI>

Hi Carsten,

The DDoS attack in the slides is ** from ** a compromised device in a home network. 

Instead of deploying filters at the ISP side, which may impact the overall services offered to the home (collateral damage), the filtering is done at the CPE: the CPE should identify and then isolate the compromised device.

The identification can be based on the MAC @, but, as mentioned in the slides, changing the MAC@ can bypass the filtering. Randomization will further exacerbate this.

Cheers,
Med

> -----Original Message-----
> From: Int-area [mailto:int-area-bounces@ietf.org] On Behalf Of
> Carsten Bormann
> Sent: Monday, 2 November 2020 08:21
> To: madinas@ietf.org
> Cc: dhcwg@ietf.org; int-area@ietf.org
> Subject: Re: [Int-area] BoF and Non-WG Mailing List: madinas -- MAC
> Address Device Identification for Network and Application Services
> 
> On 2020-11-01, at 22:56, Juan Carlos Zuniga <j.c.zuniga@ieee.org>
> wrote:
> >
> > https://github.com/jlivingood/IETF109BoF/blob/master/109-Agenda.md
> 
> I don’t understand the slides about home device MAC addresses,
> https://github.com/boucadair/IETF109BoF/blob/master/madinas-ddos%20mitigation-use%20case-rev%2027102020.pdf
> 
> If mitigations are widely deployed that are based on MAC address
> filtering, attackers will implement countermeasures (such as varying
> the MAC address quickly enough to defeat the mitigation signaling).
> MAC address randomization as implemented by a device vendor would
> probably be too slow as a countermeasure (if it were, it would save
> the attacker a little work, but not that much).
> 
> (Please reply to madinas@ietf.org.)
> 
> Greetings, Carsten

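The limitation discussed in this thread, worked through as an added example that is not part of the original messages or the slides: a CPE filter keyed only on the source MAC stops matching once the device changes its address, while per-port MAC churn and the locally administered bit remain observable to the CPE. The flow records, the LAN port field, and the window and threshold values are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records, not taken from the slides or the thread:
# (time in s, CPE LAN port, source MAC, packets sent towards the WAN)
FLOWS = [
    (0,  "lan1", "00:1b:63:aa:bb:cc", 40),
    (0,  "lan2", "3c:22:fb:10:20:30", 9000),   # flood starts
    (10, "lan2", "3c:22:fb:10:20:30", 9500),   # CPE isolates this MAC at t=10
    (20, "lan2", "da:a1:19:00:00:01", 9400),   # same port, new source MAC
    (30, "lan2", "f6:5e:0b:00:00:02", 9100),
    (30, "lan1", "00:1b:63:aa:bb:cc", 35),
]

def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set, as in randomized MACs."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def forwarded_after_block(flows, blocked_mac, block_time):
    """Packets per port that a filter keyed only on blocked_mac still forwards."""
    passed = defaultdict(int)
    for t, port, mac, pkts in flows:
        if t > block_time and mac != blocked_mac:
            passed[port] += pkts
    return dict(passed)

def ports_with_mac_churn(flows, window=30, max_macs=2):
    """Ports where more than max_macs distinct source MACs appear within window seconds.

    A port with a downstream switch or access point legitimately carries several
    MACs, so max_macs is an assumption to tune per deployment.
    """
    seen = defaultdict(list)
    for t, port, mac, _ in sorted(flows):
        seen[port].append((t, mac))
    flagged = {}
    for port, events in seen.items():
        for t0, _ in events:
            macs = {m for t, m in events if t0 <= t <= t0 + window}
            if len(macs) > max_macs:
                flagged[port] = sorted(macs)
                break
    return flagged
```
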