> Hi Paul,
>
> The attack scenario that I envision is slightly different from the one that
> you describe below:
>
> - LISP is widely deployed. Tens of thousands of XTRs are deployed world-wide.
>   The mapping system data base contains hundreds of thousands of EID prefixes.
> - The attack stream is large.
> - Each packet in the attack stream has a unique source LOC.
> - All packets in the attack stream have the same destination LOC. This LOC
>   represents the XTR under attack.
> - Each packet in the attack stream has a destination EID that will cause it
>   to reach a valid destination (i.e., a destination that will respond).
>   However, all packets in the attack stream don't have the same destination.
>   The attack stream is spread out across multiple valid EID destinations to
>   make it less detectable.
> - Each packet in the attack stream has a carefully chosen source EID. It is
>   chosen to maximize the ratio of attack packets to map-requests.
>
> One attack stream attacks an XTR. Multiple simultaneous attacks against
> multiple XTRs can DoS the mapping system, itself.
>
> A PxTR probably won't generate this attack stream. However, an attack tool
> might.
Ignoring the unique source RLOC (which makes no difference in this attack because we are not doing an RPF check on the ETR), it is the same as if a PITR was encapsulating from the same set of source-EIDs to the same set of destination-EIDs you describe above. That was his point.

So some clarifications:

(1) What does unique source LOC mean? I assume you mean each packet has a different source RLOC and that the address is not duplicated from multiple sites (i.e. it is not a private address like 192.168.1.1), or do you mean something else?

(2) And what does carefully chosen mean? You might mean a scan of different source EIDs in each packet so the xTR that returns packets will get more map-cache misses?

Dino

_______________________________________________
lisp mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lisp
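The mechanism both messages are circling, as an added example that is not code from this thread or from any LISP implementation: a toy model of the map-cache on the xTR under attack. Every attack packet is decapsulated toward a live destination EID; the reply that EID sends is addressed to the attacker's source EID, so the xTR, acting as ITR for the reply, must resolve that EID, and a map-cache miss costs one Map-Request. Because a Map-Reply installs the whole registered EID-prefix rather than the single EID, source EIDs that all fall inside one prefix produce one Map-Request, while source EIDs scanned across a different prefix per packet (Dino's reading of "carefully chosen") produce one Map-Request per attack packet. The model is IPv4-only; the /24 registrations, addresses, packet rates and the per-second Map-Request limit used to show the obvious defensive knob are all constructed for the example.

```python
"""Toy model of an xTR map-cache fed by a source-EID scan.  Added example;
all prefixes, addresses, rates and limits below are constructed."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional, Tuple

IPV4_BITS = 32


def covering_prefix(eid: str, plen: int) -> Tuple[int, int]:
    """Return (network_as_int, plen) for the length-plen prefix containing eid."""
    addr = int(ipaddress.IPv4Address(eid))
    shift = IPV4_BITS - plen
    return ((addr >> shift) << shift, plen)


class MappingSystem:
    """Constructed mapping database: every EID is registered under a /24."""
    def lookup(self, eid: str) -> Tuple[int, int]:
        return covering_prefix(eid, 24)


@dataclass
class MapCache:
    """Prefix-keyed map-cache with an optional per-second Map-Request limit
    (the limit is hypothetical; real xTRs have their own knobs)."""
    mapping_system: MappingSystem
    rate_limit: Optional[int] = None
    entries: set = field(default_factory=set)       # installed (net, plen) keys
    map_requests: int = 0                           # Map-Requests actually sent
    dropped_requests: int = 0                       # misses suppressed by the limit
    sent_per_second: dict = field(default_factory=dict)

    def lookup(self, eid: str, now: float) -> bool:
        """True on a hit.  On a miss, send a (rate-limited) Map-Request and
        install the whole EID-prefix the Map-Reply returns."""
        addr = int(ipaddress.IPv4Address(eid))
        for plen in range(IPV4_BITS, -1, -1):       # longest-prefix match
            shift = IPV4_BITS - plen
            if ((addr >> shift) << shift, plen) in self.entries:
                return True
        sec = int(now)
        if self.rate_limit is not None and self.sent_per_second.get(sec, 0) >= self.rate_limit:
            self.dropped_requests += 1              # miss, but no Map-Request leaves the box
            return False
        self.sent_per_second[sec] = self.sent_per_second.get(sec, 0) + 1
        self.map_requests += 1
        self.entries.add(self.mapping_system.lookup(eid))   # reply covers the registered prefix
        return False


@dataclass
class Packet:
    src_rloc: str
    dst_rloc: str
    src_eid: str
    dst_eid: str


def attack_stream(n: int, spread: bool):
    """Constructed attack packets toward one xTR (dst_rloc) and a handful of
    live destination EIDs.  spread=False keeps every source EID inside one
    /24; spread=True puts each packet's source EID in a different /24."""
    for i in range(n):
        src_eid = f"10.{(i >> 8) & 255}.{i & 255}.7" if spread else f"10.0.0.{i % 254 + 1}"
        yield Packet(src_rloc=f"203.0.113.{i % 254 + 1}",   # unique-ish source RLOC
                     dst_rloc="198.51.100.1",                # the xTR under attack
                     src_eid=src_eid,
                     dst_eid=f"172.16.0.{i % 8 + 1}")        # several live destinations


def simulate(n: int, spread: bool, pps: int, rate_limit: Optional[int] = None) -> Tuple[int, int]:
    """Replay n attack packets at pps packets/second through the victim xTR's
    map-cache; return (map_requests_sent, misses_suppressed_by_rate_limit)."""
    cache = MapCache(MappingSystem(), rate_limit=rate_limit)
    for i, pkt in enumerate(attack_stream(n, spread)):
        # Forward direction needs no lookup: dst_eid is local to this xTR.
        # The reply from dst_eid is addressed to pkt.src_eid, which the xTR
        # must resolve before it can encapsulate the reply back out.
        cache.lookup(pkt.src_eid, now=i / pps)
    return cache.map_requests, cache.dropped_requests


if __name__ == "__main__":
    print("source EIDs in one /24:   ", simulate(1000, spread=False, pps=1000))
    print("one /24 per packet:       ", simulate(1000, spread=True, pps=1000))
    print("same, 100 Map-Requests/s: ", simulate(1000, spread=True, pps=1000, rate_limit=100))
```

The first run yields one Map-Request for a thousand packets, the second yields a thousand, which is the one-to-one ratio the scan is after; the third shows that a per-second Map-Request cap protects the mapping system at the cost of return traffic for the EIDs whose lookups were suppressed, which is the trade-off to weigh when a victim xTR cannot tell a scan from legitimate misses.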
