[MMUSIC] draft-ietf-mmusic-ice-05: Issue with handling when doing DDoS prevention
Hi,
If one would like to do DDoS prevention as a media sender, how does that
actually work in ICE when doing offer/answer?
First of all, having the active address and sending media during the ICE
exchange does allow one to use the ICE connectivity checking time to
deliver media to a target of a DDoS. Should there be any recommendations
around this behavior? As I see it one can do a few things.
1. Put media transmission on hold during the initial establishment.
2. Allow the media transmission for a specific period that should allow
the ICE process to conclude and the media delivery verification to complete.
3. Do 2 and specify limits on media bandwidths allowed during the
initial period.
Secondly, what happens when the ICE exchange results in a re-invite but
the other end point (B) has not yet received an answer from (A) on
its own binding requests? Also here there are several different results
that one could see.
1. Not respond until B has verified binding requests in direction B->A.
Prevents us from sending anything other than STUN binding requests, and we
do that according to the retransmission timers in STUN.
2. Answer directly and do the verification later. Allows media to be
sent directly. However it does allow an attacker to get media sent to a
target for a while longer.
So I think the problem boils down to a first fundamental question:
Is it okay to send media before verification has been successful?
And if it is, how much?
If not, then we need to look into the issue in signalling. Can one hold
off a response, and is there a need to do a 1xx response?
I definitely see a problem if one would allow media transmission without
any limitations for times up to the 50 second timer in ICE. There
clearly need to be some limitations in an open network.
Cheers
Magnus Westerlund
Multimedia Technologies, Ericsson Research EAB/TVA/A
----------------------------------------------------------------------
Ericsson AB | Phone +46 8 4048287
Torshamsgatan 23 | Fax +46 8 7575550
S-164 80 Stockholm, Sweden | mailto: magnus.westerlund at ericsson.com
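
The hold and rate-limited options from the first list above, sketched as an added example that is not part of the original message or of the ICE draft. The class name, the grace period, the bandwidth cap, the burst size and the 172-byte/20 ms packet stream are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class UnverifiedMediaGate:
    """Decides whether a media packet may go to an address that has not yet
    passed a connectivity check. Hypothetical helper, not defined by ICE."""
    grace_s: float      # assumed window for checks to conclude; 0 = hold (option 1)
    rate_bps: float     # assumed bandwidth cap inside the window (option 3)
    burst_bytes: int    # token bucket depth
    start: float = 0.0  # time the unverified address became the media target
    verified: bool = False
    sent_unverified: int = 0  # bytes exposed to a possibly spoofed target

    def __post_init__(self):
        self._tokens = float(self.burst_bytes)
        self._last = self.start

    def mark_verified(self):
        """Call when the connectivity check for this address has succeeded."""
        self.verified = True

    def worst_case_bytes(self) -> float:
        """Upper bound on what a victim can receive before verification."""
        return self.burst_bytes + self.grace_s * self.rate_bps / 8

    def allow(self, now: float, size: int) -> bool:
        if self.verified:
            return True
        if now - self.start >= self.grace_s:
            return False  # window expired without verification: stop sending
        # Refill the bucket for the time elapsed, capped at the burst depth.
        self._tokens = min(self.burst_bytes,
                           self._tokens + (now - self._last) * self.rate_bps / 8)
        self._last = now
        if size > self._tokens:
            return False
        self._tokens -= size
        self.sent_unverified += size
        return True

def simulate(gate, duration_s, verify_at=None, pkt=172, interval_ms=20):
    """Constructed stream: one 172-byte packet every 20 ms. Returns packets sent."""
    allowed = 0
    for i in range(int(duration_s * 1000) // interval_ms):
        now = gate.start + i * interval_ms / 1000
        if verify_at is not None and now >= verify_at:
            gate.mark_verified()
        if gate.allow(now, pkt):
            allowed += 1
    return allowed
```

With a 5 s window, a 16 kbit/s cap and a 400-byte burst, an address that never verifies receives at most 10400 bytes, where the uncapped constructed stream would deliver 86000 bytes in 10 s.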