[members-discuss] Technical solution to resolve Spoofed IP traffic, Spoofed amplification DDoS attacks, BGP&RIR hijacking, IoT botnet infections and Botnet C&Cs
- Previous message (by thread): [members-discuss] Technical solution to resolve Spoofed IP traffic, Spoofed amplification DDoS attacks, BGP&RIR hijacking, IoT botnet infections and Botnet C&Cs
- Next message (by thread): [members-discuss] Technical solution to resolve Spoofed IP traffic, Spoofed amplification DDoS attacks, BGP&RIR hijacking, IoT botnet infections and Botnet C&Cs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Töma Gavrichenkov
ximaera at gmail.com
Thu Apr 30 23:58:52 CEST 2020
Ah yes!! On Thu, Apr 30, 2020 at 11:31 PM Elad Cohen <elad at netstyle.io> wrote: > - The data field in an ip packet - will always > be the same for an access attempt to a IoT > device with default credentials - hence these > kind of "IP protocol data fingerprints" which > are related to specific "IP protocol numbers" > will be provided by ICANN backend > infrastructure to each BGP router through > the opened session with it. Everywhere except for China and, possibly, North Korea, border routers are *not* DPI devices. Hence they don't have an *ability* to *look* through the IP packet data, let alone apply any checksums or fingerprints. Otherwise, gosh, TCP with its checksums wouldn't have been necessary. A DPI device costs I think 500 times more than a typical border routing device in use in Europe. (this is a rough estimation based on the packet length, it might be slight less or a couple orders of magnitude more than that) And yes. This solution requires a complete *hardware* update to all the border routers. I think that's a concept for a PhD topic in economy (quite possibly also a Nobel prize) rather than for a members-discuss thread. P.S. I want to reiterate that those topics are relevant to secdispatch at ietf.org. Only after they are submitted as an I-D and dispatched to a working group, AND the working group accepts the I-D as a working group draft, they are on-topic in here. Otherwise, they are off-topic. Thank you in advance for understanding. -- Töma
- Previous message (by thread): [members-discuss] Technical solution to resolve Spoofed IP traffic, Spoofed amplification DDoS attacks, BGP&RIR hijacking, IoT botnet infections and Botnet C&Cs
- Next message (by thread): [members-discuss] Technical solution to resolve Spoofed IP traffic, Spoofed amplification DDoS attacks, BGP&RIR hijacking, IoT botnet infections and Botnet C&Cs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]