This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[mat-wg] [Fwd: Community suggestion for ATLAS spoof test]
- Previous message (by thread): [mat-wg] [Fwd: Community suggestion for ATLAS spoof test]
- Next message (by thread): [mat-wg] [Fwd: Community suggestion for ATLAS spoof test]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Benno Overeinder
benno at NLnetLabs.nl
Tue May 21 16:21:27 CEST 2013
Restating my comments on the mike at the MAT WG meeting here on the mailing list. On 5/16/13 1:13 AM, Daniel Karrenberg wrote: > I know that you intend to limit the risk by restricting source > addresses and of course by getting consent of the probe hosts. I am > just afraid that even asking the question will make some hosts doubt > that we will not harm their networks and their connectivity. We have > to realise that not all the hosts will share our enthusiasm about new > experiments and the more hosts we will need to find, the less of them > will be as open minded as we are ourselves. I understand the concern of some operators in allowing spoofed packets on their networks. The use of Atlas probes as origin of spoofed packets, and its impact on trust and confidence in these probes, need careful consideration. But in this discussion of using Atlas for spoofed traffic analysis, the goals of the experiment, the scope, data gathering and analysis are also important. If we can define them well, we (the RIPE community at large) can communicate the experiment and its impact clearly with operators, and gain sufficient acceptance to run a relevant (statistically) experiment. The goals of anti-spoofing experiments can be diverse, but in recent discussions on mailing lists and RIPE meeting, it mostly amounts to raising BCP38 (ingress filtering) awareness, gathering aggregated statistics, and informing network operators about security risks (in their networks). Even though as a network researcher I would be quite happy to run these experiments myself, I can understand that it would be more credible (reasonable/acceptable) that only a limited experiment is run by one group of people. The group of people and the limited experiment can be under examination of the RIPE Atlas community. This group of people can be RIPE NCC staff, a representative group from MAT WG participants, or (most probably) a mix of both. The limited experiment is a well-defined experiment in which Atlas probes use spoofed IP addresses from one or more specific prefix blocks, during a specific time period (e.g. a week), and with a specific frequency (e.g. twice a year---a month before a RIPE meeting). And finally, we have to discuss the availability of the measurement data. Open to everyone for analysis, after some post-processing, or aggregated statistics. Personally for me, data access as open as possible. During the MAT WG there was also an opt-in/opt-out discussion. And as was stated by Randy (different wording, but in essence---please correct me), is that with opt-in we only see the networks that are confident and have BCP38 in place. Opt-out would be preferred to ensure (or make it more likely) we see a more representative part of the network (hosting an Atlas probe). -- Benno -- Benno J. Overeinder NLnet Labs http://www.nlnetlabs.nl/
- Previous message (by thread): [mat-wg] [Fwd: Community suggestion for ATLAS spoof test]
- Next message (by thread): [mat-wg] [Fwd: Community suggestion for ATLAS spoof test]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ mat-wg Archives ]