[OPSEC] New OPSEC individual draft on probe attribution

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Thu, 17 February 2022 17:29 UTC

From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: "opsec@ietf.org" <opsec@ietf.org>
CC: Benoît <Benoit.Donnet@uliege.be>, Justin Iurman <justin.iurman@uliege.be>
Date: Thu, 17 Feb 2022 17:29:06 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/sqtS56qAImOtG6t5Dqp56ZWAihQ>

[Posting as a plain author without any other hat]

Benoît, Justin, and I have just uploaded a new draft (less than 10 pages):
https://datatracker.ietf.org/doc/html/draft-vyncke-opsec-probe-attribution-00

The abstract reads as:
   Active measurements at Internet-scale can target either collaborating
   parties or non-collaborating ones.  This is similar scan and could be
   perceived as aggressive.  This document proposes a couple of simple
   techniques allowing any party or organization to understand what this
   unsolicited packet is, what is its purpose, and more importantly who
   to contact.

We believe that it may be interesting to the OPSEC WG and we will welcome comments and suggestions.

Regards

-éric