Re: [tsvwg] UDP source ports for HTTP/3 and QUIC

"Black, David" <David.Black@dell.com> Fri, 23 July 2021 16:05 UTC

> This is the core issue though. So we have a problem where people generate spoofed traffic.
>
> And some patterns of that traffic can be identified by how they use source ports.

In the cases of interest for this discussion, the source ports are real, not spoofed.

> But then we make a list of the ports that have been abused this way. That step is problematic. It serves to endorse what is, in essence, squatting. Even though source ports are not assigned, it says “hey, they now own these”.

Nope, that's not what's going on, please go back and reread Mark's original message which contains examples of services that can cause this problem with non-squatting use of registered ports (https://mailarchive.ietf.org/arch/msg/tsvwg/7Fbxa5NryyUzJSWesNFbAx6hs3U/).

To belabor an example that needs to be understood – NTP servers can be used in DDoS amplification attacks where it is the responses from the NTP servers that use the *IANA-registered port 123 (for NTP) as a source port, consistent with the purpose for which it is registered* that DDoS the victim because the NTP requests from the attacker *spoofed the victim's IP address, not the port*.

There is no port squatting involved in the examples that Mark used.

> I know that’s not what you will say, but that’s what will happen.
>
> I would welcome some sort of suggestions of what could be done that doesn’t end this way, but can’t imagine one.

Writing an RFC to create the IANA registry forces this issue (whether or not the registry includes ports that are being squatted upon) to be resolved before any list gets any official imprimatur, as the rules/procedures for populating and maintaining an IANA registry have to be approved in the RFC before IANA will do anything.

Thanks, --David

From: Joseph Touch <touch@strayalpha.com>
Sent: Thursday, July 22, 2021 11:26 PM
To: Black, David
Cc: Mark Nottingham; tsvwg@ietf.org
Subject: Re: [tsvwg] UDP source ports for HTTP/3 and QUIC

On Jul 22, 2021, at 8:05 AM, Black, David <David.Black@dell.com> wrote:

Hi Joe,

Let's start from a couple of aspects where we're in rough agreement:


  *   "… agree with documenting the problem as a problem, but not as a practice." &
  *   " … no problem making a list of ports that people ... attribute to attacks."

This is the core issue though. So we have a problem where people generate spoofed traffic.

And some patterns of that traffic can be identified by how they use source ports.

So we document that this happens. That’s fine.

But then we make a list of the ports that have been abused this way. That step is problematic. It serves to endorse what is, in essence, squatting. Even though source ports are not assigned, it says “hey, they now own these”.

I know that’s not what you will say, but that’s what will happen.

And that, in essence, is what I object to.

I would welcome some sort of suggestions of what could be done that doesn’t end this way, but can’t imagine one.

Joe
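
The NTP case described in the reply above (genuine source port 123, spoofed victim address) can be told apart from legitimate NTP at the receiving edge only by request state, not by the port number. The sketch below is an added example, not part of the original messages: the packet records, addresses (documentation ranges), the watched-port set and the 5-second window are all constructed assumptions.

```python
from collections import namedtuple

# Constructed sample datagrams seen at the edge of 192.0.2.0/24 (documentation addresses).
Pkt = namedtuple("Pkt", "ts src sport dst dport size")

LOCAL_PREFIX = "192.0.2."   # assumed local network
WATCHED_SRC_PORTS = {123}   # NTP, the port used as the example in the message
WINDOW = 5.0                # seconds a request stays outstanding (assumed value)

SAMPLE = [
    Pkt(0.0, "192.0.2.10", 40001, "198.51.100.5", 123, 48),   # local host queries an NTP server
    Pkt(0.1, "198.51.100.5", 123, "192.0.2.10", 40001, 48),   # solicited reply
    Pkt(1.0, "203.0.113.7", 123, "192.0.2.20", 53211, 440),   # no request was sent: reflected
    Pkt(1.1, "203.0.113.8", 123, "192.0.2.20", 53211, 440),   # no request was sent: reflected
    Pkt(9.0, "198.51.100.5", 123, "192.0.2.10", 40001, 48),   # request is older than WINDOW
]

def is_local(ip):
    return ip.startswith(LOCAL_PREFIX)

def unsolicited_responses(packets, window=WINDOW):
    """Return inbound packets from a watched source port with no matching local request."""
    outstanding = {}   # (local_ip, local_port, server_ip, server_port) -> time of last request
    flagged = []
    for p in sorted(packets, key=lambda p: p.ts):
        if is_local(p.src) and not is_local(p.dst):
            outstanding[(p.src, p.sport, p.dst, p.dport)] = p.ts
        elif is_local(p.dst) and p.sport in WATCHED_SRC_PORTS:
            asked = outstanding.get((p.dst, p.dport, p.src, p.sport))
            if asked is None or p.ts - asked > window:
                flagged.append(p)
    return flagged

def summarize(flagged):
    """Total bytes of unsolicited traffic per (local destination, source port)."""
    totals = {}
    for p in flagged:
        key = (p.dst, p.sport)
        totals[key] = totals.get(key, 0) + p.size
    return totals

if __name__ == "__main__":
    for key, size in summarize(unsolicited_responses(SAMPLE)).items():
        print(key, size)
```

The solicited reply at 0.1 s passes even though it carries source port 123, which is why a port list alone cannot separate the two cases.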