Re: Defeating DoS Attacks Through Accountability
On Sat, 11 November 2000, Mark Prior wrote:
How would you propose to handle the case where an organisation has their own IP space which isn't currently advertised and then you receive a request from a third party to route it to them?
First I would suggest they register their claim to use the IP address with the appropriate registration agencies. As I understand it, every register has a method for recording further delegations. It is providers who choose to create the problem by not recording the delegation. If for some reason they can't change the organization of record for the IP address, there is a concept called a "Letter of Agency" which is used when someone wants to authorize a third-party to take actions on their behalf. If the third-party does not have a LOA from the coordinator of record for the IP address, I wouldn't view it as a valid request. If they can't change the coordinator of record, nor can they get the coordinator of record to give them a LOA; you should have known there is not clear authorization for the third-party to use the IP address. How would you propose to handle the case where a person has a credit card number, and then you receive a request from a third party with no evidence of any authorization from the registered card owner to charge stuff on that card number?
On Sat, Nov 11, 2000 at 10:41:13PM -0800, Sean Donelan wrote:
How would you propose to handle the case where a person has a credit card number, and then you receive a request from a third party with no evidence of any authorization from the registered card owner to charge stuff on that card number?
The card gets charged regardless; if that turns out to be an unauthorised transaction it gets challenged later (assuming it is noticed at all). That's what happens today, as far as I can see. Uncanny resemblance :)
Joe Abley wrote:
On Sat, Nov 11, 2000 at 10:41:13PM -0800, Sean Donelan wrote:
How would you propose to handle the case where a person has a credit card number, and then you receive a request from a third party with no evidence of any authorization from the registered card owner to charge stuff on that card number?
The card gets charged regardless; if that turns out to be an unauthorised transaction it gets challenged later (assuming it is noticed at all).
That's what happens today, as far as I can see. Uncanny resemblance :)
Actually, if you are the merchant and want to handle credit cards : 1.) You get a discout if you run a address check (even if you then ignore a failure) and 2.) If the transaction is successfully challenged or is bogus YOU have to pay (and the CC bank may actually hold back some of your CC income to make sure that you do) AND 3.) If the failed transaction rate (i.e., bogus + successfully challenged transactions) is consistently > about 5% you will be TERMINATED AND BLACK HOLED !!! (i.e., you will find it very hard to do any more credit card transactions with anyone...) It seems to me that the credit card industry is a little more serious about this... Regards Marshall Eubanks Multicast Technologies, Inc. 10301 Democracy Lane, Suite 201 Fairfax, Virginia 22030 Phone : 703-293-9624 Fax : 703-293-9609 e-mail : tme@on-the-i.com http://www.on-the-i.com
Sean Donelan wrote:
On Sat, 11 November 2000, Mark Prior wrote:
How would you propose to handle the case where an organisation has their own IP space which isn't currently advertised and then you receive a request from a third party to route it to them?
First I would suggest they register their claim to use the IP address with the appropriate registration agencies. As I understand it, every register has a method for recording further delegations. It is providers who choose to create the problem by not recording the delegation.
If for some reason they can't change the organization of record for the IP address, there is a concept called a "Letter of Agency" which is used when someone wants to authorize a third-party to take actions on their behalf. If the third-party does not have a LOA from the coordinator of record for the IP address, I wouldn't view it as a valid request.
I'm not sure you're being clear. If someone has portable /24 or /16, and does NOT do their own BGP, but contracts with ONE ISP to do that advertisement. How do other ISPs know that ISP has permission? We could point to the RADB, but it's chock full of bogus data. We could point to ARIN, but their database just says the owner of the net in question is whomever it is. Those who own that space have a legitimate right to use that space, so telling them to get ISP-provided space is a non-starter. I agree it's a problem in need of a proper solution. The solution has to account for portable address space not owned by providers. -- ----------------------------------------------------------------- Daniel Senie dts@senie.com Amaranth Networks Inc. http://www.amaranth.com
Daniel Senie wrote:
I'm not sure you're being clear. If someone has portable /24 or /16, and does NOT do their own BGP, but contracts with ONE ISP to do that advertisement. How do other ISPs know that ISP has permission? We could point to the RADB, but it's chock full of bogus data. We could point to ARIN, but their database just says the owner of the net in question is whomever it is. Those who own that space have a legitimate right to use that space, so telling them to get ISP-provided space is a non-starter.
If an ISP customer of mine wants me to statically route to them a block of space that one of their customers owns, I require authorization from their customer - the entity to which the block in question has been delegated - saying that my customer (their provider) is permitted to route a certain block. The authorization must come from the delegated organization, but it can be provided (relayed) to me by my customer. It could be part of an engineering sheet that's been signed by the downstream, for all I care. It works the same way if you replace "statically route to them" with "not filter annoumcements from them for." Essentially, I want my customer to call me up and say "I don't own this block but my customer does, I've just FAXed you authorization from her saying that we are allowed to announce part of her block." I then get on the phone with my upstreams and ask them to relax their filters a bit, and furnish any authorizaiton necessary (which they unfortunately typically don't require). Once I've added the route or lifted the filter, though, there's no way for me verify that the status of the block has not changed unless someone challenges it. The current system was built around trust - my upstreams trust me not to maliciously want to announce blocks I'm not entitled to announce, and filter only to prevent me from shooting myself and others in the feet. The requirement for having filters explicitly modified at least means that fingers can be pointed if something is screwed up, but the implicit trust means that some clown can blackhole 198.41.0.0/23 for at least a little while, long enough to cause the a disruption.
I agree it's a problem in need of a proper solution. The solution has to account for portable address space not owned by providers.
In addition to permitting further delegations of "ownership" of address space, perhaps allocation authorities should also provide a mechanism for delegating routability from an owner to its upstreams. Such a system would provide a more-or-less central database to check when a request for a new route is made and to validate existing routes against. Of course nobody would use such a system unless it was required, and once again, the requirement has to come from the top - the major NSP players - and "trickle down" to the end networks. Mark
participants (5)
-
Daniel Senie -
Joe Abley -
Mark Mentovai -
Marshall Eubanks -
Sean Donelan