Re: [rtcweb] UDP transport problem

Harald Alvestrand <harald@alvestrand.no> Fri, 14 February 2014 20:50 UTC

Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 836CC1A03D0 for <rtcweb@ietfa.amsl.com>; Fri, 14 Feb 2014 12:50:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.448
X-Spam-Level:
X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.548] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L2yf2j_ImCAV for <rtcweb@ietfa.amsl.com>; Fri, 14 Feb 2014 12:50:48 -0800 (PST)
Received: from mork.alvestrand.no (mork.alvestrand.no [158.38.152.117]) by ietfa.amsl.com (Postfix) with ESMTP id 334421A0045 for <rtcweb@ietf.org>; Fri, 14 Feb 2014 12:50:43 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mork.alvestrand.no (Postfix) with ESMTP id E20A77C4CF8; Fri, 14 Feb 2014 21:50:40 +0100 (CET)
Received: from mork.alvestrand.no ([127.0.0.1]) by localhost (mork.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YLjy2lJKynMc; Fri, 14 Feb 2014 21:50:40 +0100 (CET)
Received: from [172.19.7.58] (unknown [216.239.45.90]) by mork.alvestrand.no (Postfix) with ESMTPSA id 1CF087C4CF7; Fri, 14 Feb 2014 21:50:39 +0100 (CET)
Message-ID: <52FE819E.2010500@alvestrand.no>
Date: Fri, 14 Feb 2014 21:50:38 +0100
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Cb B <cb.list6@gmail.com>
References: <CAD6AjGRiQ1UF5n3JG9HPRQFM+TD54Xz-dpTn5u9bX+__BMfesQ@mail.gmail.com> <52FDEE06.1030003@jesup.org> <CAD6AjGRSVHTK7apQ1x3j0pE=dkeFeXBKc0U3z4GkCTywVvckTA@mail.gmail.com> <52FE5F41.1010106@alvestrand.no> <CAD6AjGRhaiYXPHtZ8+yuq1L8a5d1BgNmt_XoDY6fn+qhukSPBA@mail.gmail.com>
In-Reply-To: <CAD6AjGRhaiYXPHtZ8+yuq1L8a5d1BgNmt_XoDY6fn+qhukSPBA@mail.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/V2zJwGqZfsP05kFrMYl5A_TlF-k
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] UDP transport problem
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Feb 2014 20:50:51 -0000

On 02/14/2014 07:54 PM, Cb B wrote:
> On Fri, Feb 14, 2014 at 10:24 AM, Harald Alvestrand
> <harald@alvestrand.no> wrote:
>> On 02/14/2014 03:42 PM, Cb B wrote:
>>>> It's especially depressing in that we put significant effort into
>>> reducing the likelihood that WebRTC could be used for DDoS attacks.
>>>> I will note that blocking UDP (or massively-rate-limiting it) will
>>> have all sorts of nasty effects on all forms of VoIP.  TCP-entrained
>>> VoIP can evade that, but at a serious cost to call quality.  Surely
>>> the operators know this.
>>> Agreed on all points. My view is one related to the basic requirement
>>> of keeping the network up.  I hope I have provided enough reference
>>> points to make the magnitude of the problem clear as well as how
>>> history has shown protocols get blocked (smtp)
>>>
>> This SMTP example doesn't match what I've seen happen.
>>
>> SMTP is not blocked by any backbone service provider I know of.
>>
>> Outgoing SMTP on port 25 is commonly blocked by firewalls that think
>> they don't have servers behind them (hotels are notorious in this
>> aspect). That's why the submit port is popular (and deployed with
>> authentication). The main concern isn't DDOS attacks, it's being blamed
>> for spam.
>>
> Spam is a type of attack.  It is an L7 attack as opposed to a volume attack.
>
>
> The largest broadband ISP in the USA blocks port 25, I provided this
> info in my first email.
>
> http://customer.comcast.com/help-and-support/internet/email-port-25-no-longer-supported/

I believe this is consistent with what I said. They block it *for
residential customers*.

That's why I said "by backbone providers" above.

If port 25 was blocked by backbone providers, we would not be having
this conversation in this medium; from your message:

Received: from mork.alvestrand.no ([127.0.0.1])
	by localhost (mork.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id l5OItdTpHJNZ for <harald@alvestrand.no>;
	Fri, 14 Feb 2014 19:54:12 +0100 (CET)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0-rc2
Received: from mail-wg0-f50.google.com (mail-wg0-f50.google.com [74.125.82.50])
	by mork.alvestrand.no (Postfix) with ESMTPS id D71377C4CF1
	for <harald@alvestrand.no>; Fri, 14 Feb 2014 19:54:11 +0100 (CET)
Received: by mail-wg0-f50.google.com with SMTP id z12so676422wgg.17
        for <harald@alvestrand.no>; Fri, 14 Feb 2014 10:54:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=uOHldLGex53bmiWfJEdhgiY7mkII6sbilbQC8KWLQBI=;
        b=jkmpcR1j1p4IBKmFsuKH1r7thWkWzUfakYB1l0aCvWkCB3r6UwGkxyS8QZSYfrcLZL
         1yR20Mgz/sHeU0Sqn6GGSIwDVSSmG/arGHcITQuhUJ/qP99huNVTNArKtdlxb6iQArW8
         WiT03gtCm74rfIWcbMqrnV0KxBZVwY0UcyCc1zcrPx7ykqEI2trkIdp/xj517VgAAU7i
         YjtLZPqHJgy0kp9jenRgFfHqOA6KTOaCowOQmS/tdSUgJOoK16Up+HWbI2ACCVXDocJW
         3LqGlj0TnzIdKnUgvNNqBikK7GAF71Hra8FkkFmcsrZLjjY4PYBAnzdUIfmydj29zMIs
         Mviw==
MIME-Version: 1.0
X-Received: by 10.194.202.230 with SMTP id kl6mr7582617wjc.9.1392404046219;
 Fri, 14 Feb 2014 10:54:06 -0800 (PST)


The occurrences of the word "SMTP" in those header fields should tell you
something.

>
>> I've not seen any report of a DDOS attack that used port 25 for a
>> traffic-volume-based attack (although intentional or unintentional DDOS
>> attacks on mail servers are too common to care about).
>>
>> Given that I still haven't seen a report that leads me to believe we'll
>> ever see a proposal that seriously proposes blocking all UDP traffic on
>> the Internet - I continue to disbelieve the premise, so it's not
>> surprising that I disagree with the conclusion.
>>
> That's fine.  It is not my goal to block UDP or save WebRTC.  I am
> just submitting information that I have and connecting the dots that
> are in front of me.  The future may show that I am too pessimistic or
> not enough.
>
> CB
>
>> --
>> Surveillance is pervasive. Go Dark.
>>
>> _______________________________________________
>> rtcweb mailing list
>> rtcweb@ietf.org
>> https://www.ietf.org/mailman/listinfo/rtcweb


-- 
Surveillance is pervasive. Go Dark.
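The argument above rests on reading the Received chain: each MTA prepends a header naming the transport it used, so the hop from Google to mork.alvestrand.no is the SMTP session that crossed the backbone. As an added example, not code from the thread or from any of the participants, here is a small Python parser for that chain that lists each hop's transport, picks out the inter-organisation hop, and computes end-to-end transit time. The header block is a constructed sample built from the lines quoted above (re-folded with spaces), and the "last two DNS labels identify the organisation" rule is an assumption for illustration.

```python
import re
from email.utils import parsedate_to_datetime
# Constructed sample: the Received chain quoted above, re-folded with spaces.
SAMPLE_HEADERS = """\
Received: from mork.alvestrand.no ([127.0.0.1])
  by localhost (mork.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024)
  with ESMTP id l5OItdTpHJNZ for <harald@alvestrand.no>;
  Fri, 14 Feb 2014 19:54:12 +0100 (CET)
X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0-rc2
Received: from mail-wg0-f50.google.com (mail-wg0-f50.google.com [74.125.82.50])
  by mork.alvestrand.no (Postfix) with ESMTPS id D71377C4CF1
  for <harald@alvestrand.no>; Fri, 14 Feb 2014 19:54:11 +0100 (CET)
Received: by mail-wg0-f50.google.com with SMTP id z12so676422wgg.17
  for <harald@alvestrand.no>; Fri, 14 Feb 2014 10:54:07 -0800 (PST)
"""
# One unfolded Received header: "[from HOST] by HOST ... with PROTO [id ID] ...; DATE"
HOP_RE = re.compile(
    r"^Received:\s*(?:from\s+(?P<frm>\S+).*?)?\s*by\s+(?P<by>\S+).*?"
    r"\bwith\s+(?P<proto>\S+)(?:\s+id\s+(?P<id>\S+))?.*?;\s*(?P<date>.+)$")
LOCAL = {"localhost", "127.0.0.1"}

def unfold(raw):
    """Join folded continuation lines (leading SP/HTAB) onto their header line."""
    lines = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line.rstrip())
    return lines
def parse_received(raw):
    """Hops oldest-first: each MTA prepends its header, so the top one is the last hop."""
    hops = []
    for line in unfold(raw):
        m = HOP_RE.match(line)
        if m:
            hops.append({"from": m["frm"], "by": m["by"], "proto": m["proto"],
                         "id": m["id"], "time": parsedate_to_datetime(m["date"])})
    return hops[::-1]
def org(host):
    """Assumption: the last two DNS labels identify the operating organisation."""
    return ".".join(host.lower().split(".")[-2:])
def inter_domain_hops(hops):
    """Hops handed between organisations: the SMTP sessions that crossed the Internet."""
    return [h for h in hops if h["from"] and h["from"] not in LOCAL
            and h["by"] not in LOCAL and org(h["from"]) != org(h["by"])]
def transit_seconds(hops):
    """Wall-clock time from first to last hop, using the timezone-aware dates."""
    return (hops[-1]["time"] - hops[0]["time"]).total_seconds()
```

On the sample this yields three hops (SMTP, ESMTPS, ESMTP), exactly one inter-domain hop (google.com to alvestrand.no over ESMTPS), and five seconds of end-to-end transit.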