ve more specific examples, that would be
appreciated.
Thanks again, Amir
--
Amir Herzberg
Comcast professor of Security Innovations, Computer Science and
Engineering, University of Connecticut
Homepage: https://sites.google.com/site/amirherzberg/home
`Applied Introduction to Cryptography'
er. But if not, then
we'll see it in the conference :)
best, Amir
efix would result in increased vulnerability to prefix hijacks.
But if there's only a DDoS attack on the prefix and it's not being hijacked
at the same time, then I think this practice may be fine - which would make
such `emergency ROA' unnecessary.
So that's very very useful feedbac
t to waste our time on presenting cute solutions to
non-real problems :)
So thanks for your help! Use your judgement whether to respond on list or off
list.
Many thanks, Amir
. And deployment and standardization are very important and
challenging. BGP-iSec, at this point, is just an academic study studying
some new ideas and evaluating their impact in specific configurations,
under specific assumptions etc.; hopefully, this may provide some help to
the community in impro
rence
- or just read the final version.
Available from:
https://www.researchgate.net/publication/375553362_BGP-iSec_Improved_Security_of_Internet_Routing_Against_Post-ROV_Attacks
Randy, thanks for sharing, I didn't know this is actually done. Any idea if
they use something clever or just exhaustive search? thanks Amir
ly. I wonder if anyone is using it, in fact. It would be nice to know
if someone has the data handy.
Thanks! Amir
rge
`unknown' prefixes and super-prefixes of AS 0 ROAs - but either could be
applied or even their conjunction)
tks, Amir
nce it's too large a prefix without ROA and in particular includes
sub-prefixes with ROA, esp. ROA to AS 0?
ed in the `maxlength considered
harmful' paper and RFC (RFC 9319), nothing really new here.
Best, Amir
so you get more instances of `invalid' announcements, making
adoption of ROVs and ROAs harder.
Just a thought... Amir
ademic `exercise'?
I'm really unsure about these questions - esp. the last one - and your
feedback may help me decide on the importance of this line of research.
Just fun or of possible practical importance?
thanks and peace, Amir
lect the shorter path anyway, without need to filter out the
long one, right?
So, filtering announcements with many prepends may cause you to lose
connectivity to these networks. Of course, you may not mind losing
connectivity to Kazakhstan :) ...
best, Amir
nough and nanog isn't the forum to discuss. Unless there's something you
really think of interest to the entire community, of course.
Peace (hopefully, in Ukraine too), Amir
nd tell me
off-list to avoid additionally bothering the list, I promise that I'll
respect this feedback.
best, Amir
nst such
TLAs, but I think it is legitimate for some people to be concerned.
Best, Amir
nd to me privately; if there are useful responses,
>> I could post a summary to the list after few days (of collecting responses,
>> if any).
>>
>
> I would strongly encourage engaging with the IETF (
> https://datatracker.ietf.org/wg/sidrops/about/ et al) wh
y).
thanks and regards... Amir
thanks!)
Amir
ndpa was a high-voltage/wattage engineer. He always said, `an
engineer can make an error, but only once'.
Luckily, we can make many errors :)
some number,
but this seems necessary (to me).
On Fri, Aug 13, 2021 at 12:50 PM Baldur Norddahl
wrote:
>
> On Fri, Aug 13, 2021 at 3:54 AM Amir Herzberg
> wrote:
>
>> On Thu, Aug 12, 2021 at 4:32 PM Baldur Norddahl <
>> baldur.nordd...@gmail.com> wrote:
>>
>>>
>>>
>>> On Thu,
On Thu, Aug 12, 2021 at 4:32 PM Baldur Norddahl
wrote:
>
>
> On Thu, Aug 12, 2021 at 7:39 PM Amir Herzberg
> wrote:
>
>> Bill, I beg to respectfully differ, knowing that I'm just a researcher
>> and working `for real' like you guys, so pls take no offence.
On Thu, Aug 12, 2021 at 1:22 PM William Herrin wrote:
> On Thu, Aug 12, 2021 at 9:41 AM Hank Nussbacher
> wrote:
> > On 12/08/2021 17:59, William Herrin wrote:
> > > If you prune the routes from the Routing Information Base instead, for
> > > any widely accepted size (i.e. /24 or shorter netmask
On Thu, Aug 12, 2021 at 12:43 PM Hank Nussbacher
wrote:
> On 12/08/2021 17:59, William Herrin wrote:
>
> > If you prune the routes from the Routing Information Base instead, for
> > any widely accepted size (i.e. /24 or shorter netmask) you break the
> > Internet.
>
> How does this break the Inte
khole subprefix traffic rather than send
it on a route which would be hijacked (i.e., if the route is to a neighbor
AS that announced legit prefix _and_ hijacked subprefix). Simple.
[and no, I'm not happy with the resulting disconnections. but it's better
than hijack imho]
best, Amir
like Job Snijders or Cecilia Testart could have provided you an
> up-to-date list of ASes that currently deploy ROV. It is not clear to me
> why it is useful to look at scenarios in which those networks potentially
> no longer deploy ROV.
>
Excellent point, this may indeed be a mo
s I normally do; btw part of it is for giving a tutorial on PKI and
participating in the CANS conference; if anybody is interested, it's free;
not that I understand why I agreed to do it :)
Cheers, Amir
or by direct email to me, is welcome, thanks.
btw, I keep most publications there (researchgate), incl. the drafts of
`foundations of cybersecurity' ; the 1st part (mostly applied crypto) is in
pretty advanced stage, feedback is also very welcome. URL in sig.
he attack may be much reduced when the attacker
has to prepend. Note also that if one combines ASPA, the protection would
be even better. The simulation results in our SIGCOMM'2016 give some idea
of these benefits (imprecise, of course).
I _think_ Randy will agree; but then again, Randy love
ddresses which have been spoofed. If the attacker
> was hitting random ports on those hosts, I'd expect to see some RSTs.
>
yes, but I bet attacker is not hitting random ports, attacker is hitting
real servers in TCP listen.
(sorry don't have time to netflow... have tons of work
it may take me quite a while to make this (2nd) part usable.
see some familiar (academic, mostly)
names in the PC. There is not much time until the submission deadline of
April 10.
URL: https://conferences.sigcomm.org/sigcomm/2020/workshop-mantra.html
Cheers,
Amir Herzberg
your IP range (assuming the victim isn't some service that
your clients will want to access). If all fails then all failed.
valid reason to consider you either as the
attacker or as an (unknowing, perhaps) accomplice.
I may be wrong - sorry if so - and would appreciate, in any case, if you
can confirm or clarify, thanks.
Bart asked,
> Does someone know why these IPsec SAs are unidirectional? Usually the
> RFC describes some reasoning behind certain design decisions. However, I
> can't seem to find a justification other than "It's by design". On the
> Internet however, I read that the two SA requirement is chosen f
Dear Job and NANOG,
Just wondering, wouldn't any of you guys consider using full tables in this
case, for the ability to detect and avoid prefix hijacks (using RPKI/ROV
or other means)?
Of course, I'm focused on security, and I know this is often not a high
priority for a real network manager wh
I have no idea who was the reviewer (academic or industry or whatever).
However, he didn't actually object to the assertion that latency increases
with congestion; he only raised the question of which latency values
would be typical/reasonable for a congestion DoS attack. Notice also that
the r
t;. It would be great if forward
> error correction could have improved that experience.
>
> Damian
>
> On Fri, Jan 24, 2020 at 7:27 PM Amir Herzberg
> wrote:
>
>> Damian, thanks!
>>
>> That's actually roughly the range of losses we focused on; but
On Sat, Jan 25, 2020 at 2:12 AM Saku Ytti wrote:
> On Sat, 25 Jan 2020 at 05:30, Amir Herzberg wrote:
>
> DDoS is very very cheap, if there is a single global egress for given
> interface then the DDoS traffic can easily be 100 times the egress
> capacity (1GE egress, 100GE
sses at 50% or more are not uncommon.
>
> Damian
>
> On Fri, Jan 24, 2020 at 4:41 AM Amir Herzberg
> wrote:
>
>> Dear NANOG,
>>
>> One of my ongoing research works is about a transport protocol that
>> ensures (critical) communication in spite of DDoS congesti
right parameters. Any chance you have such data and can share?
Many thanks!
Töma, thanks for this interesting update. The best defense against this
type of DDoS attacks seems indeed to be relaying to
sufficiently-large-bandwidth cloud/CDN, and filtering TCP traffic (received
not from the relay). Such relaying should be done well - smart attacks may
still be possible for `naiv
s, but that
goal has proved quite difficult...
On Sat, Aug 17, 2019 at 11:03 PM Mike wrote:
> On 8/16/19 3:04 PM, Jim Shankland wrote:
> > Greetings,
> >
ation to a nice paper exploring this issue.
BR...
On Sat, Aug 17, 2019 at 6:56 PM Damian Menscher wrote:
> On Sat, Aug 17, 2019 at 3:36 PM Amir Herzberg
> wrote:
Hmm, I doubt this is the output of TCP amplification since Jim reported it
as SYN spoofing, i.e., SYN packets, not SYN-ACK packets (as for typical TCP
amplification). Unless the given _hosts_ respond with multiple SYN-ACKs in
which case these may be experiments by an attacker to measure if these
IP
ch - we showed how this happens with ROV in our NDSS paper on it:
https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/are-we-there-yet-rpkis-deployment-and-security/
cises (a fair number and quite challenging).
But lectures (pptx) are already available on most topics, incl. routing
security.
Hope some of you may find these of some use; feedback welcome (probably by
private mail would be better).
Best, Amir
o some non-conforming networks.
- Is there an agreed-upon list of the forums and mailing lists on which one
should warn in advance about such planned announcements, and the details
that should be included?
Thanks, Amir