Dino,

I think both statements are true. That is:

1) The attack stream is crafted to maximize the ratio of attack packets to 
map-requests.
2) Traffic originating from a real PiTR probably won't maximize the ratio of 
attack packets to map-requests because "packets encapsulated by PITRs originate 
from non-LISP sources. Thereby the ITR at the LISP site will natively-forward 
to those random places. And those native-forward map-cache entries are very 
coarse since the mapping system returns the least specific prefix that covers 
all non-LISP sites."

In either case, if we are going to deploy LISP on the global Internet, we need 
to deal with the attack in the threats document.

                                      Ron


> -----Original Message-----
> From: Dino Farinacci [mailto:[email protected]]
> Sent: Tuesday, May 27, 2014 9:12 PM
> To: Ronald Bonica
> Cc: Paul Vinciguerra; Joel M. Halpern; Damien Saucez; Roger Jorgensen; LISP
> mailing list
> Subject: Re: [lisp] Restarting last call on LISP threats
> 
> 
> 
> > On May 27, 2014, at 5:18 PM, Ronald Bonica <[email protected]> wrote:
> >
> > RPB]
> > Exactly. Source EIDs are chosen to maximize the ratio of attack packets to
> map-requests sent by the victim XTR.
> >
> > This is what makes the attack stream so different from a stream that a PiTR
> is likely to send during normal operation.
> 
> It is not different for that reason. It is different because packets
> encapsulated by PITRs originate from non-LISP sources. Thereby the ITR at
> the LISP site will natively-forward to those random places. And those native-
> forward map-cache entries are very coarse since the mapping system returns
> the least specific prefix that covers all non-LISP sites.
> 
> I believe Paul is still right IMO.
> 
> Dino

_______________________________________________
lisp mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lisp
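The disagreement above turns on how many map-requests an ITR's map-cache emits for a given stream of destinations, and on the point that native-forward (negative) entries cover large prefixes while positive entries cover individual registered EID-prefixes. The model below is an added example written for this thread, not code from Dino, Ron, or any LISP implementation; the registered EID-prefixes, the two destination streams and the "largest hole around the address" rule for negative replies are constructed assumptions standing in for a real mapping system, and the cache is a deliberately minimal one. It lets an operator compare the map-request and cache-entry load of a stream of non-LISP destinations (as return traffic toward PITR-relayed sources would be) against a stream spread over many distinct LISP-site prefixes.

```python
import ipaddress
from collections import Counter

# Constructed mapping-system state (assumption, not real data): 256 /24
# EID-prefixes registered by LISP sites under 10.1.0.0/16, plus one more.
REGISTERED_EID_PREFIXES = (
    [ipaddress.ip_network(f"10.1.{i}.0/24") for i in range(256)]
    + [ipaddress.ip_network("192.0.2.0/24")]
)


def map_reply_for(dst):
    """Emulate the mapping system's answer for one destination EID.

    A registered EID-prefix yields a positive mapping for that prefix.
    Anything else yields a negative mapping (native-forward) for the least
    specific prefix that contains dst and overlaps no registered prefix,
    i.e. the largest hole around dst. This is a simplified stand-in for a
    DDT-style negative map-reply, not a spec-exact implementation.
    """
    addr = ipaddress.ip_address(dst)
    for pfx in REGISTERED_EID_PREFIXES:
        if addr in pfx:
            return pfx, "positive"
    hole = ipaddress.ip_network(f"{addr}/32")
    for plen in range(31, -1, -1):
        cand = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
        if any(cand.overlaps(p) for p in REGISTERED_EID_PREFIXES):
            break  # growing further would swallow a LISP site
        hole = cand
    return hole, "negative"


class MapCache:
    """Minimal ITR map-cache. A first-match scan is enough here because the
    entries this model installs (registered prefixes and maximal holes)
    never overlap one another."""

    def __init__(self):
        self.entries = {}      # network -> "positive" | "negative"
        self.packets = 0
        self.map_requests = 0

    def forward(self, dst):
        self.packets += 1
        addr = ipaddress.ip_address(dst)
        for net, kind in self.entries.items():
            if addr in net:
                return kind  # cache hit: no map-request
        self.map_requests += 1  # miss: one map-request to the mapping system
        net, kind = map_reply_for(dst)
        self.entries[net] = kind
        return kind


def simulate(destinations):
    """Run a destination stream through a fresh map-cache and report how
    many map-requests and cache entries it produced."""
    cache = MapCache()
    kinds = Counter(cache.forward(d) for d in destinations)
    return {
        "packets": cache.packets,
        "map_requests": cache.map_requests,
        "cache_entries": len(cache.entries),
        "native_forwarded": kinds["negative"],
        "encapsulated": kinds["positive"],
    }


# Constructed streams (assumptions), 200 destinations each.
# Stream A: addresses in non-LISP space, as return traffic toward
# PITR-relayed sources would be; they fall into two large holes.
NON_LISP_STREAM = ([f"203.0.113.{i}" for i in range(1, 101)]
                   + [f"198.51.100.{i}" for i in range(1, 101)])
# Stream B: one address in each of 200 distinct registered /24 EID-prefixes.
LISP_SITE_STREAM = [f"10.1.{k}.7" for k in range(200)]

if __name__ == "__main__":
    for name, stream in (("non-LISP destinations", NON_LISP_STREAM),
                         ("LISP-site destinations", LISP_SITE_STREAM)):
        print(name, simulate(stream))
```

With these assumptions the non-LISP stream produces two map-requests and two negative entries for 200 packets (the mapping system hands back 200.0.0.0/5 and 196.0.0.0/6, the largest holes not overlapping any registered prefix), while the LISP-site stream produces one map-request and one entry per packet. The model is only as good as its hole rule; a real deployment's negative-reply granularity should be read from its mapping system, not from this stand-in.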
