<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Toma,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
You are raising interesting issues.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
It will be interesting to hear from hardware engineers who are working at the routing equipment manufacturers.<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Even though not every router is DPI, as you wrote, BGP routers have ACL functionality. To implement the ACL checks, the firmware inspects the IP packet in some way; an inspection is done on the IP packet in any BGP router that supports ACLs.<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
Respectfully,
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Elad<br>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Töma Gavrichenkov &lt;ximaera@gmail.com&gt;<br>
<b>Sent:</b> Friday, May 1, 2020 12:58 AM<br>
<b>To:</b> Elad Cohen &lt;elad@netstyle.io&gt;<br>
<b>Cc:</b> members-discuss@ripe.net &lt;members-discuss@ripe.net&gt;<br>
<b>Subject:</b> Re: [members-discuss] Technical solution to resolve Spoofed IP traffic, Spoofed amplification DDoS attacks, BGP&amp;RIR hijacking, IoT botnet infections and Botnet C&amp;Cs</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">Ah yes!!<br>
<br>
On Thu, Apr 30, 2020 at 11:31 PM Elad Cohen &lt;elad@netstyle.io&gt; wrote:<br>
> - The data field in an IP packet - will always<br>
> be the same for an access attempt to an IoT<br>
> device with default credentials - hence these<br>
> kinds of "IP protocol data fingerprints" which<br>
> are related to specific "IP protocol numbers"<br>
> will be provided by ICANN backend<br>
> infrastructure to each BGP router through<br>
> the opened session with it.<br>
<br>
Everywhere except for China and, possibly, North Korea, border routers<br>
are *not* DPI devices. Hence they don't have an *ability* to *look*<br>
through the IP packet data, let alone apply any checksums or<br>
fingerprints.<br>
<br>
Otherwise, gosh, TCP with its checksums wouldn't have been necessary.<br>
<br>
A DPI device costs I think 500 times more than a typical border<br>
routing device in use in Europe. (this is a rough estimation based on<br>
the packet length, it might be slightly less or a couple orders of<br>
magnitude more than that)<br>
<br>
And yes. This solution requires a complete *hardware* update to all<br>
the border routers. I think that's a concept for a PhD topic in<br>
economy (quite possibly also a Nobel prize) rather than for a<br>
members-discuss thread.<br>
<br>
P.S. I want to reiterate that those topics are relevant to<br>
secdispatch@ietf.org. Only after they are submitted as an I-D and<br>
dispatched to a working group, AND the working group accepts the I-D<br>
as a working group draft, they are on-topic in here. Otherwise, they<br>
are off-topic. Thank you in advance for understanding.<br>
<br>
--<br>
Töma<br>
</div>
</span></font></div>
</body>
</html>