Re: [rtcweb] UDP transport problem

Tim Panton <tim@phonefromhere.com> Sun, 16 February 2014 14:00 UTC

Return-Path: <tim@phonefromhere.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEC301A01FA for <rtcweb@ietfa.amsl.com>; Sun, 16 Feb 2014 06:00:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WfeEgznn1Utb for <rtcweb@ietfa.amsl.com>; Sun, 16 Feb 2014 06:00:40 -0800 (PST)
Received: from smtp002.apm-internet.net (smtp002.apm-internet.net [85.119.248.221]) by ietfa.amsl.com (Postfix) with ESMTP id 0C8D31A0110 for <rtcweb@ietf.org>; Sun, 16 Feb 2014 06:00:39 -0800 (PST)
Received: (qmail 81177 invoked from network); 16 Feb 2014 14:00:36 -0000
X-AV-Scan: clean
X-APM-Authkey: 83769 1833
Received: from unknown (HELO zimbra003.verygoodemail.com) (85.119.248.218) by smtp002.apm-internet.net with SMTP; 16 Feb 2014 14:00:36 -0000
Received: from zimbra003.verygoodemail.com (localhost [127.0.0.1]) by zimbra003.verygoodemail.com (Postfix) with ESMTP id 5B09918A0C51; Sun, 16 Feb 2014 14:00:35 +0000 (GMT)
Received: from limit.westhawk.co.uk (limit.westhawk.co.uk [192.67.4.33]) by zimbra003.verygoodemail.com (Postfix) with ESMTPSA id 4EEA718A0B54; Sun, 16 Feb 2014 14:00:32 +0000 (GMT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_01FB7A2E-A5FC-4D07-B37C-41E57F311F9D"
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Tim Panton <tim@phonefromhere.com>
In-Reply-To: <52FE4851.3000206@bbs.darktech.org>
Date: Sun, 16 Feb 2014 14:00:26 +0000
Message-Id: <104BC8B8-77D0-4E2E-BF77-09A2CCB11437@phonefromhere.com>
References: <CAD6AjGRiQ1UF5n3JG9HPRQFM+TD54Xz-dpTn5u9bX+__BMfesQ@mail.gmail.com> <52FDEE06.1030003@jesup.org> <CAD6AjGRSVHTK7apQ1x3j0pE=dkeFeXBKc0U3z4GkCTywVvckTA@mail.gmail.com> <52FE4851.3000206@bbs.darktech.org>
To: cowwoc <cowwoc@bbs.darktech.org>
X-Mailer: Apple Mail (2.1827)
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/RsiZ61wIn1PwdFQAhaf4NVR-128
Cc: "rtcweb@ietf.org >> rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] UDP transport problem
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Feb 2014 14:00:43 -0000

On 14 Feb 2014, at 16:46, cowwoc <cowwoc@bbs.darktech.org>; wrote:

> On 14/02/2014 9:42 AM, Cb B wrote:
>> Right. The source port will be a function of the amp server such as 53, 123, 19... all very common. The destination port is of the spoofers choosing.
>> But, as the us-cert advisory notes, there are several impacted appilication ports. Well-known webrtc fixed ports would help for a white list.
>> 
>> Creating a blacklist of just 53, 123, 19 makes us still behind the curve on whatever is next.
>> 
> 
> Which is why we will never be able to stop DDoS attacks:
> With dumb firewall rules that rely upon port numbers alone.
> Unless the destination address is able to communicate back to the source (or as close as possible to the source) that it does not wish to continue receiving (any) packets from it, and in so doing pushes the problem back as far as possible to the source.


I don't agree, when we set up an ISP in the '90s we had egress filter rules that dropped any packets with From address that were not
routed as 'inside' our network.

At the time we were told to drop that (along with a pile of other security features which are slowly returning). 
I see no reason why anyone would peer with an ISP that refused to do that.

(We now return to your #rtcweb program).

T.
 
 

> Gili
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb

Tim Panton - Web/VoIP consultant and implementor
www.westhawk.co.uk