
IAB open discussion topic at Thursday's Plenary of IETF58

2003-11-11 12:44:39

This is what the IAB is intending as an open discussion topic at
Thursday's plenary (total topic time is something like 45 min).
As noted below -- it's expected to be an interactive session, so
please come prepared to offer considered input!

Leslie.


Open Architecture Discussion Topic:
 Are Insecurities at the Edge the Biggest Challenge Yet
      to the End-to-End Model of the Internet?


When we think of DDOS and Internet-propagated virii, we typically focus
on the bad behaviour of the instigator.  And, as recent years have seen
a massive increase in the amount of malicious and/or unsolicited traffic
on the Internet -- denial of service attacks, worms, virii,
spam -- we are painfully aware of the costs.   Not only
end-users are impacted, in the case of spam:  anyone setting up mail
service has to provision it to handle the amount of traffic it will get,
not just the amount of legitimate traffic.

Looking at the rate of increase of these attacks -- e.g., the
spike in spam after the SoBig virus was detected -- it seems that the
viral nature of propagation has its own set of implications:  not only
must we deploy countermeasures within the network to avoid the flattening
of endpoints under attack, it is increasingly obvious that "endpoints" as
we know them cannot be trusted.

If endpoints cannot be trusted, then the proposed longer term
solutions for spam that are based on authenticating senders via credentials
will not succeed as the only solution.

Imagine if you will a situation where if present trends continue we might
project seeing things such as the following:

a. Continuous DDOS attacks against the Internet infrastructure.
b. Releases of multiple CERT advisories *every day*
c. Virus traffic + spam + patches + file "sharing" traffic comprising the
   overwhelming fraction of total Internet bandwidth
d. Organizations restricting or actually *decommissioning* use of email.


The combination of all these trends makes the threat to the end-to-end model from NAT or filtering look fairly minor.

This discussion will include brief presentations outlining some metrics
used to determine the trendlines and attempt to determine the current scope
of the problem and the slope of the trend line.

The important points for further discussion are:
1/ what are some of the additional implications, in terms of
   work the IETF could and should be doing?

2/ since the data shows that a substantial amount of malicious
   traffic (worms, ddos, virus propagation) is virally generated and
   operating with the full rights and privileges of some real user,
   to what extent is conventional authentication & authorization
   technology useful?


This is meant to be an interactive discussion amongst all the engineers
and architects in the plenary; please come prepared to share thoughts
and pointers.


--

-------------------------------------------------------------------
"Reality:
     Yours to discover."
-- ThinkingCat
Leslie Daigle
leslie(_at_)thinkingcat(_dot_)com
-------------------------------------------------------------------




