Hi Mingzhe,

As the main author of the DOTS telemetry spec, I'm enthusiastic about this proposal 
and would like to see more details/practicalities. I have two logistics-related 
comments:


  *   Did you check with the SAVNET WG?
  *   Also, it seems to me this was presented in dispatch-all at IETF#119. The 
reaction was positive as I recall, but was there any follow-up with the sec ADs, as:

==
Dispatch outcome: To a BOF; maybe related topics not just this draft.
==

Thank you.

Cheers,
Med

On Oct 18, 2024, at 12:39 AM, 邢铭哲 <xingmz=40zgclab.edu...@dmarc.ietf.org> wrote:


Dear OPSAWG Experts,


We have submitted a draft titled "SAV-based Anti-DDoS Architecture" 
(https://datatracker.ietf.org/doc/draft-cui-savnet-anti-ddos/), which focuses 
on enhancing security operations to defend against DDoS attacks using a SAV-D 
controller. The draft is motivated by the observation that spoofed IP addresses 
can lead to severe DDoS attacks. While Source Address Validation (SAV) schemes 
are an effective means of mitigating such attacks, the limited deployment of 
SAV devices impairs their overall performance.

In this context, we propose the SAV-D architecture to leverage information from 
both SAV and non-SAV devices. This approach improves detection accuracy and 
incentivizes broader deployment of SAV devices. Specifically, the architecture 
allows SAV honeypots, legacy routers, and victim defense systems to interact 
with the SAV-D controller, retrieving comprehensive threat intelligence to 
inform defense strategies. Furthermore, the SAV honeypots report malicious 
packet information to the SAV-D controller, enabling data analysis and the 
creation of global threat intelligence. The SAV-D controller can also provide 
comprehensive attack situation awareness, helping operators manage their 
networks more effectively. Our draft introduces the overall architecture of the 
SAV-D controller, the interaction with devices, the data transmission protocol, 
workflow, deployment strategies, and examples of connections.

Based on SAV-D, we have set up a small-scale experimental environment and 
validated the effectiveness of the framework against reflective DDoS attacks. 
The details can be found in the paper (SAV-D: Defending DDoS with Incremental 
Deployment of SAV).

This draft offers a practical operational solution for defending against 
spoofed IP DDoS attacks while utilizing existing SAV devices, legacy routers, 
and victim defense mechanisms. We submit this to OPSAWG and look forward to 
your valuable feedback to improve the draft.



Best regards,
Mingzhe
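The following is a toy model of the interaction sketched in the announcement above: SAV-capable edge devices drop packets whose source address is not valid for the ingress interface (BCP 38 style ingress filtering), report them to a central controller, and the controller aggregates the reports into threat intelligence that a non-SAV legacy router can consume. It is an added illustration, not code from the draft or its authors, and it reflects only what the message says at a high level: the report format, the aggregation rule (grouping by spoofed source and destination port), the `SavdController`/`LegacyRouter` classes and the sample traffic are all constructed assumptions, since the draft's actual data transmission protocol is not shown on this page.

```python
"""Toy SAV-D style model: SAV edges report spoofed packets to a controller,
which aggregates them into intelligence for non-SAV devices.
All names, message formats and traffic below are constructed for illustration
and are NOT the protocol defined in draft-cui-savnet-anti-ddos."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    ingress: str   # interface the packet arrived on
    src: str
    dst: str
    dport: int


class SavDevice:
    """SAV-capable edge: per-interface allow-list of customer source prefixes."""

    def __init__(self, name, iface_prefixes):
        self.name = name
        self.prefixes = {iface: [ip_network(p) for p in plist]
                         for iface, plist in iface_prefixes.items()}

    def source_valid(self, pkt):
        """BCP 38 check: source must belong to a prefix assigned to the ingress interface."""
        src = ip_address(pkt.src)
        return any(src in net for net in self.prefixes.get(pkt.ingress, []))

    def process(self, pkts, controller):
        forwarded = []
        for pkt in pkts:
            if self.source_valid(pkt):
                forwarded.append(pkt)
            else:
                controller.report(self.name, pkt)   # hypothetical report message
        return forwarded


class SavdController:
    """Hypothetical stand-in for the SAV-D controller (assumed aggregation rule)."""

    def __init__(self):
        self.reports = []

    def report(self, device, pkt):
        self.reports.append((device, pkt))

    def threat_intel(self, min_reports=2):
        """Group spoofed packets by the address being spoofed (the real victim in a
        reflection attack) and by the reflector port they were aimed at."""
        per_victim, devices = defaultdict(Counter), defaultdict(set)
        for dev, pkt in self.reports:
            per_victim[pkt.src][pkt.dport] += 1
            devices[pkt.src].add(dev)
        return {
            victim: {"spoofed_packets": sum(ports.values()),
                     "reflector_ports": sorted(ports),
                     "reporting_devices": sorted(devices[victim])}
            for victim, ports in per_victim.items()
            if sum(ports.values()) >= min_reports
        }


class LegacyRouter:
    """Router without SAV that only consumes controller intelligence: it drops
    packets matching a reported (spoofed source, reflector port) pair."""

    def __init__(self, name):
        self.name = name
        self.blocklist = set()

    def apply_intel(self, intel):
        for victim, info in intel.items():
            self.blocklist.update((victim, port) for port in info["reflector_ports"])

    def process(self, pkts):
        return [p for p in pkts if (p.src, p.dport) not in self.blocklist]


def run_demo():
    victim = "203.0.113.10"   # address being spoofed, i.e. the reflection target
    edge_a = SavDevice("edge-A", {"cust1": ["192.0.2.0/24"]})
    edge_b = SavDevice("edge-B", {"cust7": ["198.51.100.0/25"]})
    ctrl = SavdController()
    # Constructed traffic: one legitimate flow plus spoofed DNS/NTP requests
    # carrying the victim's address as source, seen at two different edges.
    traffic_a = [Packet("cust1", "192.0.2.5", "198.51.100.200", 443),
                 Packet("cust1", victim, "198.51.100.53", 53),
                 Packet("cust1", victim, "198.51.100.123", 123)]
    traffic_b = [Packet("cust7", victim, "198.51.100.53", 53)]
    fwd_a = edge_a.process(traffic_a, ctrl)
    fwd_b = edge_b.process(traffic_b, ctrl)
    intel = ctrl.threat_intel()
    legacy = LegacyRouter("legacy-C")
    legacy.apply_intel(intel)
    legacy_out = legacy.process([Packet("any", victim, "198.51.100.53", 53),
                                 Packet("any", "192.0.2.77", "198.51.100.53", 53)])
    return {"forwarded_a": len(fwd_a), "forwarded_b": len(fwd_b),
            "intel": intel, "legacy_passed": len(legacy_out)}


if __name__ == "__main__":
    import json
    print(json.dumps(run_demo(), indent=2))
```

The point the model makes is the one in the announcement: a single SAV edge only protects the packets it sees, but once its drops are reported centrally, the same spoofed-source pattern can be turned into a rule that a legacy router with no per-interface prefix knowledge can still enforce. Thresholds, report trust and controller authentication are deliberately left out here; they are exactly the details the reply above asks the authors to spell out.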
____________________________________________________________________________________________________________
This message and its attachments may contain confidential or privileged 
information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete 
this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been 
modified, changed or falsified.
Thank you.
_______________________________________________
OPSAWG mailing list -- opsawg@ietf.org
To unsubscribe send an email to opsawg-le...@ietf.org
