Re: [secdir] security considerations on the TWAMP

"MORTON, ALFRED C (AL)" <acm@research.att.com> Thu, 19 December 2019 13:38 UTC

From: "MORTON, ALFRED C (AL)" <acm@research.att.com>
To: Tianran Zhou <zhoutianran@huawei.com>, "secdir@ietf.org" <secdir@ietf.org>, IETF IPPM WG <ippm@ietf.org>
CC: Caoli <caoli@huawei.com>
Thread-Topic: security considerations on the TWAMP
Thread-Index: AdW2IE+K7R6ZTjm3QMWstOtse9zzeAAULTEg
Date: Thu, 19 Dec 2019 13:38:22 +0000
Message-ID: <4D7F4AD313D3FC43A053B309F97543CFA6F0F0C2@njmtexg5.research.att.com>
References: <BBA82579FD347748BEADC4C445EA0F21BF149C8C@NKGEML515-MBX.china.huawei.com>
In-Reply-To: <BBA82579FD347748BEADC4C445EA0F21BF149C8C@NKGEML515-MBX.china.huawei.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/kJrYqBH4f8I8mKFkOHh67WenaZk>
Subject: Re: [secdir] security considerations on the TWAMP

Allow only known addresses, or block entire address blocks
where most attacks are coming from. Use ACLs, IPtables, firewalls,
etc.  IOW, there are plenty of mechanisms beyond TWAMP to
meet this need.

Al
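As an added illustration of the allowlisting Al describes (this is example code, not part of the original message or of any TWAMP implementation): a POSIX shell function that emits iptables rules admitting new TWAMP-Control connections (TCP/862, RFC 5357) only from known prober addresses, logging and dropping everything else. The chain name and the CIDRs are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: restrict TWAMP-Control (TCP port 862, RFC 5357) to a known-prober allowlist.
# The function prints iptables commands rather than applying them, so the rule set can be
# reviewed first; twamp_acl_apply runs them (requires root and iptables on the host).
TWAMP_CONTROL_PORT=862

# twamp_acl_rules CHAIN CIDR... -> prints iptables commands that accept control-port
# connections only from the listed CIDRs and log-then-drop every other source.
twamp_acl_rules() {
    chain="$1"; shift
    # Dedicated chain so the allowlist can be flushed and reloaded without touching INPUT.
    echo "iptables -N $chain 2>/dev/null || iptables -F $chain"
    for cidr in "$@"; do
        echo "iptables -A $chain -s $cidr -j ACCEPT"
    done
    # Rate-limited log before the drop: the log line is the detection signal for unknown
    # sources hammering the control port, without letting the log itself become the flood.
    echo "iptables -A $chain -m limit --limit 5/min -j LOG --log-prefix 'TWAMP-CTRL-DROP: '"
    echo "iptables -A $chain -j DROP"
    # Hook: only new TCP connections (SYN) to the control port are sent through the chain;
    # the measurement traffic itself (UDP test sessions) is not affected by this rule.
    echo "iptables -I INPUT -p tcp --dport $TWAMP_CONTROL_PORT --syn -j $chain"
}

# twamp_acl_apply CHAIN CIDR... -> applies the generated rules (run as root).
twamp_acl_apply() {
    twamp_acl_rules "$@" | sh
}

# count_accept RULES -> number of ACCEPT rules in the generated output.
count_accept() {
    printf '%s\n' "$1" | grep -c -- '-j ACCEPT'
}

# Hypothetical allowlist (documentation prefixes); replace with the real prober addresses.
rules=$(twamp_acl_rules TWAMP_CTRL 192.0.2.10/32 198.51.100.0/24)
printf '%s\n' "$rules"
```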

From: ippm [mailto:ippm-bounces@ietf.org] On Behalf Of Tianran Zhou
Sent: Wednesday, December 18, 2019 11:15 PM
To: secdir@ietf.org; IETF IPPM WG <ippm@ietf.org>
Cc: Caoli <caoli@huawei.com>
Subject: [ippm] security considerations on the TWAMP

Hi IPPM and SecDir,

When first setting up the control session between the client and the server, the TWAMP (RFC 5357) server will listen on a specific TCP port. By default, the well-known port is 862.
However, RFC 5357 does not provide a mechanism to restrict the source IP address of the request.
What do you think about the potential DDoS attack risk from unknown IP source addresses?

Thanks,
Tianran