Dino,
You have a very good point! Rather than arguing about whether DoS attacks
against the control plane are possible, a more constructive course of action
might be:
a) to document the attacks
b) to brainstorm for mitigations
IMHO, a) should definitely happen in the threats document. It should include
DoS attacks initiated by attackers:
a1) who are outside of LISP sites
a2) who are inside of LISP sites
Mitigations could be documented in the threats document or somewhere else. The
ADs and chairs will probably want to make that call.
Do you see an obvious mitigation to A1 and A2?
Ron
>
> > activity causes control plane activity. Since forwarding plane bandwidth
> > exceeds control plane bandwidth, DoS attacks against the control plane are
> > possible.
>
> Yes, for every protocol we have invented. But like I said, there are better
> ways to solve this with LISP. If you look at all the drafts in totality, you
> will see
> we have a decent toolbox of solutions that COULD fight this traditional
> problem.
>
> You are merely (and continually) looking ONLY at the map-cache miss
> problem.
>
> > In order to be complete, the threats document must describe the DoS
> > threat. It should also describe mitigations, if any exist.
>
> I agree with that. No one is arguing your point or Ross's point. But rather than
> just documenting what they are, we want to fix them. So that is where we
> should put our attention. So let's have all of us work together and identify
> the problems and brainstorm about fixes.
>
> Rather than just saying what is wrong.
>
> Dino
>
_______________________________________________
lisp mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lisp