RE: [Fwd: [Saad] Some initiating thoughts...]

"Harrington, David" <dbh@enterasys.com> Thu, 23 October 2003 13:55 UTC

Subject: RE: [Fwd: [Saad] Some initiating thoughts...]
Date: Thu, 23 Oct 2003 09:50:47 -0400
Message-ID: <6D745637A7E0F94DA070743C55CDA9BA01139371@NHROCMBX1.ets.enterasys.com>
Thread-Topic: [Fwd: [Saad] Some initiating thoughts...]
Thread-Index: AcOZWgLieC5eOmWLSROJjK0NMbolWgAETkvg
From: "Harrington, David" <dbh@enterasys.com>
To: "Erik Nordmark" <Erik.Nordmark@sun.com>, "James Kempf" <kempf@docomolabs-usa.com>
Cc: "Leslie Daigle" <leslie@thinkingcat.com>, <saad@ietf.org>, <M.Handley@cs.ucl.ac.uk>

Hi Erik,

Typically, a DoS attack will be sourced from a host. Having the host be
responsible for advising the network how to prioritize packets is akin
to locking the henhouse to prevent fox attacks and then giving the fox
the key.

I believe the right place to apply policy is in the access switch. The
operators should know what types of traffic are likely to be generated
by the host, based on the role of the host in the organization, and can
preset policies to prioritize the desirable traffic. To handle mobility,
and finer-grained role-based policies, the operator can base the
expected traffic and priorities on the user's identity, qualified by
location and other factors.

dbh

> -----Original Message-----
> From: Erik Nordmark [mailto:Erik.Nordmark@sun.com] 
> Sent: Thursday, October 23, 2003 7:37 AM
> To: James Kempf
> Cc: Erik Nordmark; Leslie Daigle; saad@ietf.org; 
> M.Handley@cs.ucl.ac.uk
> Subject: Re: [Fwd: [Saad] Some initiating thoughts...]
> 
> 
> > But much of the appeal for firewalls (and some people extend this to
> > limited scope addressing, but I'm not sure if the extension is really
> > necessary) lies in their ability to limit DoS attacks. DoS attacks are
> > essentially attacks on a network and I have some trouble seeing how end
> > to end security between two devices can limit a DoS attack. Maybe I am
> > missing something, however.
> 
> Yep - end2end security isn't sufficient if you have a wide range of
> network bandwidth (and to some extent also CPU capacity to deal
> with network packets) across the network.
> 
> Some approaches to deal with DoS are thus needed.
> 
> I don't know if anybody is working on host-assisted approaches.
> I can imagine interesting approaches like hosts on slow links sending
> "priority lists" upstream (to specify the relative priority of packets -
> based on a class description - that are destined towards the host) as one
> way of being able to cope with DoS flooding attacks.
> 
>   Erik

_______________________________________________
Saad mailing list
Saad@ietf.org
https://www1.ietf.org/mailman/listinfo/saad
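As an added illustration of the access-switch position argued in the reply above (a constructed example, not code from the thread or from any of its participants): a toy Python model of a switch that derives a role from the authenticated user and the location of the port, applies operator-preset priorities for the traffic that role is expected to generate, and ignores whatever priority the host asserts on its own packets. The role names, port numbers, DSCP values and the session table are all assumptions made for the example.

```python
"""Toy model of role-based ingress policy at an access switch.

Constructed illustration: the switch derives a role from the authenticated
user and location bound to each port, applies operator-preset traffic
classes for that role, and never trusts the priority the host asked for.
"""
from dataclasses import dataclass
from typing import Optional

BEST_EFFORT = 0  # DSCP value used for traffic the role is not expected to send


@dataclass(frozen=True)
class Packet:
    ingress_port: str   # switch port the frame arrived on
    proto: str          # "tcp" or "udp"
    dst_port: int
    host_dscp: int      # priority asserted by the host; deliberately unused


@dataclass(frozen=True)
class Verdict:
    action: str         # "forward", "rate-limit" or "drop"
    dscp: int           # marking the switch writes into the packet
    role: Optional[str]


# Constructed operator policy: per role, the traffic classes the operator
# expects that kind of host to generate and the priority each should get.
ROLE_POLICY = {
    "voip-phone":  {("udp", 5060): 24, ("udp", 16384): 46},
    "office-user": {("tcp", 443): 18, ("tcp", 25): 10},
    "guest":       {("tcp", 443): BEST_EFFORT, ("tcp", 80): BEST_EFFORT},
}

# Constructed authentication state: identity and location bound to each
# port. Ports missing from the table have no authenticated session.
SESSIONS = {
    "ge0/1": ("alice", "hq-floor2"),
    "ge0/2": ("phone-0042", "hq-floor2"),
    "ge0/3": ("visitor-17", "lobby"),
}


def role_for(user: str, location: str) -> str:
    """Map an identity, qualified by location, to a role (constructed rules)."""
    if user.startswith("phone-"):
        return "voip-phone"
    if location == "lobby":
        return "guest"          # anyone plugging in at the lobby is a guest
    return "office-user"


def classify(pkt: Packet) -> Verdict:
    """Ingress decision for one packet; the host's own DSCP plays no part."""
    session = SESSIONS.get(pkt.ingress_port)
    if session is None:
        return Verdict("drop", BEST_EFFORT, None)   # no authenticated user on port
    role = role_for(*session)
    dscp = ROLE_POLICY[role].get((pkt.proto, pkt.dst_port))
    if dscp is None:
        # Traffic this role is not expected to generate goes through at best
        # effort behind a rate limiter, so a flood from the host cannot starve
        # the classes the operator actually wants to protect.
        return Verdict("rate-limit", BEST_EFFORT, role)
    return Verdict("forward", dscp, role)


def summarize(packets) -> dict:
    """Count verdict actions over a batch of packets, e.g. a captured burst."""
    counts = {"forward": 0, "rate-limit": 0, "drop": 0}
    for pkt in packets:
        counts[classify(pkt).action] += 1
    return counts


if __name__ == "__main__":
    # Constructed burst: an office user marks a web flow and a UDP flood with
    # the voice class (46); the switch re-marks both from its own policy.
    burst = [Packet("ge0/1", "tcp", 443, 46)] + [Packet("ge0/1", "udp", 9, 46)] * 5
    for pkt in burst[:2]:
        print(pkt, "->", classify(pkt))
    print(summarize(burst))
```

The point the model makes is the one in the reply: the marking a packet leaves the switch with depends only on who is authenticated on the port, where that port is, and the operator's expectation for that role, so a host cannot promote its own flood by asking for a better class.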