Re: [Madinas] [Int-area] BoF and Non-WG Mailing List: madinas -- MAC Address Device Identification for Network and Application Services

Carsten Bormann <cabo@tzi.org> Mon, 02 November 2020 08:33 UTC

Return-Path: <cabo@tzi.org>
X-Original-To: madinas@ietfa.amsl.com
Delivered-To: madinas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51C313A0980 for <madinas@ietfa.amsl.com>; Mon, 2 Nov 2020 00:33:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EDOQm2CWNsBD for <madinas@ietfa.amsl.com>; Mon, 2 Nov 2020 00:33:24 -0800 (PST)
Received: from gabriel-vm-2.zfn.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A46543A0115 for <madinas@ietf.org>; Mon, 2 Nov 2020 00:33:11 -0800 (PST)
Received: from [192.168.217.118] (p548dcc60.dip0.t-ipconnect.de [84.141.204.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-vm-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4CPmQD6QjLz101r; Mon, 2 Nov 2020 09:33:08 +0100 (CET)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Carsten Bormann <cabo@tzi.org>
In-Reply-To: <25128_1604304647_5F9FBF07_25128_465_1_787AE7BB302AE849A7480A190F8B93303156D35C@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
Date: Mon, 02 Nov 2020 09:33:08 +0100
Cc: "madinas@ietf.org" <madinas@ietf.org>
X-Mao-Original-Outgoing-Id: 625998788.454923-4f362452cb8bd92c3d395e48092b940b
Content-Transfer-Encoding: quoted-printable
Message-Id: <AB8EF82B-87C7-41A4-9844-163603DBA750@tzi.org>
References: <160407478723.4708.16590139659517606146@ietfa.amsl.com> <CAHLBt83DN3OxhXbkFKPBh7KbPFvKJKjgdf5UfoGVSsTJh6+H=Q@mail.gmail.com> <E37B8383-CAD6-4D57-BDB4-E7170F3EAE63@tzi.org> <25128_1604304647_5F9FBF07_25128_465_1_787AE7BB302AE849A7480A190F8B93303156D35C@OPEXCAUBMA2.corporate.adroot.infra.ftgroup>
To: mohamed.boucadair@orange.com
X-Mailer: Apple Mail (2.3608.120.23.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/madinas/fPBazuRFDb4g7fyAPlw6CsjbZxY>
Subject: Re: [Madinas] [Int-area] BoF and Non-WG Mailing List: madinas -- MAC Address Device Identification for Network and Application Services
X-BeenThere: madinas@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: MAC Address Device Identification for Network and Application Services <madinas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/madinas>, <mailto:madinas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/madinas/>
List-Post: <mailto:madinas@ietf.org>
List-Help: <mailto:madinas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/madinas>, <mailto:madinas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Nov 2020 08:33:27 -0000

Hi Med,

> On 2020-11-02, at 09:10, <mohamed.boucadair@orange.com> <mohamed.boucadair@orange.com> wrote:
> 
> Hi Carsten,
> 
> The DDoS attack in the slides is ** from ** a compromised device in a home network. 
> 
> Instead of deploying filters at the ISP side, which may impact the overall services offered to the home (collateral damage), the filtering is done at the CPE: the CPE should identify and then isolate the compromised device.
> 
> The identification can be based on the MAC @, but as mentioned in the slides changing the MAC@ can bypass the filtering.

I think I understand all that.

> Randomization will further exacerbate this. 

This is the part where I’m not sure that the impact is significant.
Once these countermeasures are widely deployed, attackers will do counter-countermeasures.  It is easy to change a MAC address on a compromised device.  Also, I don’t think MAC address randomization is effective enough to thwart the countermeasure (the time frames are too slow), so attackers will have every incentive to do their own MAC address changing.

Instead, I think we need to work on effectively jailing IoT devices in the home without trying to cop out by using the MAC address as a selector.

Regards, Carsten
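The point made above, that a CPE filter keyed on the source MAC is defeated as soon as the compromised device changes that MAC itself, can be shown with a small simulation. This is an added example, not code from the madinas list or from any of its participants: it models a CPE that counts packets per source MAC over a short window and quarantines any MAC that crosses a threshold, then runs the same flood against it with a stable MAC and with attacker-driven MAC rotation. The threshold (100 packets), window (1 s), packet rate (1000 pps) and flood length (10 s) are assumed values chosen for illustration; the class and function names are the example's own.

```python
"""Simulated home CPE that quarantines a flooding device by its source MAC.

Constructed example (not code from the madinas list or its participants).
THRESHOLD, WINDOW and the traffic parameters below are assumptions.
"""
import random
from dataclasses import dataclass, field
from typing import Optional, Tuple

THRESHOLD = 100   # packets per window before a MAC is quarantined (assumption)
WINDOW = 1.0      # window length in seconds (assumption)


@dataclass
class Cpe:
    """Minimal per-MAC rate limiter with a permanent quarantine list."""
    counts: dict = field(default_factory=dict)      # mac -> (window_start, count)
    quarantined: set = field(default_factory=set)
    forwarded: int = 0
    dropped: int = 0

    def handle(self, mac: str, ts: float) -> bool:
        """Process one packet from `mac` at time `ts`; return True if forwarded."""
        if mac in self.quarantined:
            self.dropped += 1
            return False
        start, n = self.counts.get(mac, (ts, 0))
        if ts - start >= WINDOW:          # window expired: start counting afresh
            start, n = ts, 0
        n += 1
        self.counts[mac] = (start, n)
        if n > THRESHOLD:                 # too chatty: isolate this MAC from now on
            self.quarantined.add(mac)
            self.dropped += 1
            return False
        self.forwarded += 1
        return True


def random_mac(rng: random.Random) -> str:
    """Locally administered unicast MAC (bit 1 of the first octet set, bit 0 clear),
    the same form an OS or an attacker uses for a self-assigned address."""
    octets = [(rng.randrange(256) & 0xFC) | 0x02] + [rng.randrange(256) for _ in range(5)]
    return ":".join(f"{b:02x}" for b in octets)


def flood(cpe: Cpe, packets: int, rate: float,
          rotate_every: Optional[int] = None, seed: int = 0) -> int:
    """Push `packets` at `rate` pps through `cpe`.  With `rotate_every` set, the
    device switches to a fresh MAC every that many packets (the attacker's own
    counter-countermeasure).  Returns the number of packets forwarded."""
    rng = random.Random(seed)
    mac = random_mac(rng)
    for i in range(packets):
        if rotate_every and i and i % rotate_every == 0:
            mac = random_mac(rng)
        cpe.handle(mac, i / rate)
    return cpe.forwarded


def simulate(rotate_every: Optional[int] = None) -> Tuple[int, int, int]:
    """Run a 10 s, 1000 pps flood; return (forwarded, dropped, MACs quarantined)."""
    cpe = Cpe()
    flood(cpe, packets=10_000, rate=1000.0, rotate_every=rotate_every)
    return cpe.forwarded, cpe.dropped, len(cpe.quarantined)


if __name__ == "__main__":
    for label, rot in (("stable MAC (or OS randomization hours apart)", None),
                       ("attacker rotates every 150 packets", 150),
                       ("attacker rotates every 50 packets", 50)):
        fwd, drp, q = simulate(rot)
        print(f"{label:48s} forwarded={fwd:5d} dropped={drp:5d} quarantined={q}")
```

With a stable MAC the CPE stops the flood after the first 100 packets; rotating every 150 packets lets two thirds of it through while the CPE accumulates dozens of quarantined, never-to-be-seen-again addresses; rotating every 50 packets, below the threshold, lets all of it through and the quarantine list stays empty. OS-level randomization typically changes the address per network or on a time scale of hours, which within a ten-second flood is indistinguishable from a stable MAC, so the evasion in the second and third runs is something the attacker has to do deliberately, and on a compromised Linux device that is a single `ip link set dev <iface> address <mac>` invocation.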