<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html;
      charset=windows-1252">
  </head>
  <body>
    <p>Hi!</p>
    <p><br>
    </p>
    <p>What about the internet traffic in doubling every packet and the
      electrical power to do the cryptographic operations? Or do you
      want to make every router in the world stateful?</p>
    <p><br>
    </p>
    <p>As much as I would love to see you elected and make a complete
      fool of yourself, I can not risk the reputation of RIPE... At the
      moment I do not fancy any candidate, nor do I support one.<br>
    </p>
    <p><br>
    </p>
    <p>Matthias</p>
    <p><br>
    </p>
    <div class="moz-cite-prefix">Am 30.04.20 um 22:50 schrieb Elad
      Cohen:<br>
    </div>
    <blockquote type="cite"
cite="mid:DB7PR10MB21546F7DA561E7F37E0226B6D6AA0@DB7PR10MB2154.EURPRD10.PROD.OUTLOOK.COM">
      <meta http-equiv="Content-Type" content="text/html;
        charset=windows-1252">
      <style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
      <div style="font-family: Calibri, Arial, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        Stuart,</div>
      <div style="font-family: Calibri, Arial, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        <br>
      </div>
      <div style="font-family: Calibri, Arial, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        Not anyone can afford DDoS mitigation service and many in the
        Internet don't have such service including in the Ripe region,
        and even for the ones that are paying for expensive DDoS
        mitigation service -  DDoS attacks are using internet traffic,
        are using electrical power, interfering to access services,
        generating crime. If I will have the honor of being elected then
        I will implement it all for the best of everyone including
        negative members like you.</div>
      <div style="font-family: Calibri, Arial, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        <br>
      </div>
      <div style="font-family: Calibri, Arial, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        Respectfully,</div>
      <div style="font-family: Calibri, Arial, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        Elad<br>
      </div>
      <hr style="display:inline-block;width:98%" tabindex="-1">
      <div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt"
          face="Calibri, sans-serif" color="#000000"><b>From:</b> Stuart
          Willet (primary) <a class="moz-txt-link-rfc2396E" href="mailto:stu@safehosts.co.uk"><stu@safehosts.co.uk></a><br>
          <b>Sent:</b> Thursday, April 30, 2020 11:44 PM<br>
          <b>To:</b> Elad Cohen <a class="moz-txt-link-rfc2396E" href="mailto:elad@netstyle.io"><elad@netstyle.io></a>;
          <a class="moz-txt-link-abbreviated" href="mailto:members-discuss@ripe.net">members-discuss@ripe.net</a> <a class="moz-txt-link-rfc2396E" href="mailto:members-discuss@ripe.net"><members-discuss@ripe.net></a><br>
          <b>Subject:</b> RE: Technical solution to resolve Spoofed IP
          traffic, Spoofed amplification DDoS attacks, BGP&RIR
          hijacking, IoT botnet infections and Botnet C&Cs</font>
        <div> </div>
      </div>
      <style>
<!--
@font-face
        {font-family:"Cambria Math"}
@font-face
        {font-family:Calibri}
p.x_MsoNormal, li.x_MsoNormal, div.x_MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif}
a:link, span.x_MsoHyperlink
        {color:#0563C1;
        text-decoration:underline}
a:visited, span.x_MsoHyperlinkFollowed
        {color:#954F72;
        text-decoration:underline}
p
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif}
p.x_msonormal0, li.x_msonormal0, div.x_msonormal0
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif}
p.x_xmsonormal, li.x_xmsonormal, div.x_xmsonormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif}
p.x_xmsonormal0, li.x_xmsonormal0, div.x_xmsonormal0
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman",serif}
p.x_xmsochpdefault, li.x_xmsochpdefault, div.x_xmsochpdefault
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Times New Roman",serif}
span.x_xmsohyperlink
        {color:#0563C1;
        text-decoration:underline}
span.x_xmsohyperlinkfollowed
        {color:#954F72;
        text-decoration:underline}
span.x_xemailstyle19
        {font-family:"Calibri",sans-serif;
        color:#1F497D}
span.x_EmailStyle25
        {font-family:"Calibri",sans-serif;
        color:#1F497D}
.x_MsoChpDefault
        {font-size:10.0pt}
@page WordSection1
        {margin:72.0pt 72.0pt 72.0pt 72.0pt}
div.x_WordSection1
        {}
-->
</style>
      <div link="#0563C1" vlink="#954F72" lang="EN-GB">
        <div class="x_WordSection1">
          <p class="x_MsoNormal"><span style="font-size:11.0pt;
              font-family:"Calibri",sans-serif; color:#1F497D">Elad,</span></p>
          <p class="x_MsoNormal"><span style="font-size:11.0pt;
              font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
          <p class="x_MsoNormal"><span style="font-size:11.0pt;
              font-family:"Calibri",sans-serif; color:#1F497D">I
              have not attacked you, just pointing out the incredibly
              impossible task you wish to be undertaken.<br>
              As for costs, we currently use a DDoS mitigation service.</span></p>
          <p class="x_MsoNormal"><span style="font-size:11.0pt;
              font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
          <p class="x_MsoNormal"><span style="font-size:11.0pt;
              font-family:"Calibri",sans-serif; color:#1F497D">Your
              solution is not feasible, full stop.</span></p>
          <p class="x_MsoNormal"><span style="font-size:11.0pt;
              font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
          <p class="x_MsoNormal"><span style="font-size:11.0pt;
              font-family:"Calibri",sans-serif; color:#1F497D">Respectfully,</span></p>
          <p class="x_MsoNormal"><span style="font-size:11.0pt;
              font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
          <p class="x_MsoNormal"><span style="font-size:11.0pt;
              font-family:"Calibri",sans-serif; color:#1F497D">Stuart
              Willet.</span></p>
          <p class="x_MsoNormal"><span style="font-size:11.0pt;
              font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
          <div>
            <div style="border:none; border-top:solid #E1E1E1 1.0pt;
              padding:3.0pt 0cm 0cm 0cm">
              <p class="x_MsoNormal"><b><span style="font-size:11.0pt;
                    font-family:"Calibri",sans-serif"
                    lang="EN-US">From:</span></b><span
                  style="font-size:11.0pt;
                  font-family:"Calibri",sans-serif"
                  lang="EN-US"> Elad Cohen [<a class="moz-txt-link-freetext" href="mailto:elad@netstyle.io">mailto:elad@netstyle.io</a>]
                  <br>
                  <b>Sent:</b> 30 April 2020 21:42<br>
                  <b>To:</b> Stuart Willet (primary)
                  <a class="moz-txt-link-rfc2396E" href="mailto:stu@safehosts.co.uk"><stu@safehosts.co.uk></a>; <a class="moz-txt-link-abbreviated" href="mailto:members-discuss@ripe.net">members-discuss@ripe.net</a><br>
                  <b>Subject:</b> Re: Technical solution to resolve
                  Spoofed IP traffic, Spoofed amplification DDoS
                  attacks, BGP&RIR hijacking, IoT botnet infections
                  and Botnet C&Cs</span></p>
            </div>
          </div>
          <p class="x_MsoNormal"> </p>
          <div>
            <p class="x_MsoNormal"><span
                style="font-family:"Calibri",sans-serif;
                color:black">Stuart,</span></p>
          </div>
          <div>
            <p class="x_MsoNormal"><span
                style="font-family:"Calibri",sans-serif;
                color:black"> </span></p>
          </div>
          <div>
            <p class="x_MsoNormal"><span
                style="font-family:"Calibri",sans-serif;
                color:black">You are willing to sacrifice the good of
                the community for a personal attack against me.
                Regarding what you wrote: do you know how many compute
                time is wasted for all the current DDoS attacks that
                this solution will not resolve ? do you know how many
                costs involved for organizations and companies which are
                under DDoS attacks ? when you compare the current to the
                state of this solution then this solution is by far
                better than the current state.</span></p>
          </div>
          <div>
            <p class="x_MsoNormal"><span
                style="font-family:"Calibri",sans-serif;
                color:black"> </span></p>
          </div>
          <div>
            <p class="x_MsoNormal"><span
                style="font-family:"Calibri",sans-serif;
                color:black">Respectfully,</span></p>
          </div>
          <div>
            <p class="x_MsoNormal"><span
                style="font-family:"Calibri",sans-serif;
                color:black">Elad</span></p>
          </div>
          <div class="x_MsoNormal" style="text-align:center"
            align="center">
            <hr width="98%" size="2" align="center">
          </div>
          <div id="x_divRplyFwdMsg">
            <p class="x_MsoNormal"><b><span style="font-size:11.0pt;
                  font-family:"Calibri",sans-serif;
                  color:black">From:</span></b><span
                style="font-size:11.0pt;
                font-family:"Calibri",sans-serif; color:black">
                Stuart Willet (primary) <<a
                  href="mailto:stu@safehosts.co.uk"
                  moz-do-not-send="true">stu@safehosts.co.uk</a>><br>
                <b>Sent:</b> Thursday, April 30, 2020 11:39 PM<br>
                <b>To:</b> Elad Cohen <<a
                  href="mailto:elad@netstyle.io" moz-do-not-send="true">elad@netstyle.io</a>>;
                <a href="mailto:members-discuss@ripe.net"
                  moz-do-not-send="true">
                  members-discuss@ripe.net</a> <<a
                  href="mailto:members-discuss@ripe.net"
                  moz-do-not-send="true">members-discuss@ripe.net</a>><br>
                <b>Subject:</b> RE: Technical solution to resolve
                Spoofed IP traffic, Spoofed amplification DDoS attacks,
                BGP&RIR hijacking, IoT botnet infections and Botnet
                C&Cs</span>
            </p>
            <div>
              <p class="x_MsoNormal"> </p>
            </div>
          </div>
          <div>
            <div>
              <p class="x_xmsonormal"><span style="font-size:11.0pt;
                  font-family:"Calibri",sans-serif;
                  color:#1F497D">In fairness, I couldn’t even be
                  bothered reading further than the worlds BGP routers
                  needing a firmware update to DOUBLE packet count
                  whilst adding compute time at an individual packet
                  level.</span></p>
              <p class="x_xmsonormal"><span style="font-size:11.0pt;
                  font-family:"Calibri",sans-serif;
                  color:#1F497D">Another idea, slightly marred by the
                  unfathomable costs involved, along with its logistic
                  impossibility.</span></p>
              <p class="x_xmsonormal"><span style="font-size:11.0pt;
                  font-family:"Calibri",sans-serif;
                  color:#1F497D"> </span></p>
              <p class="x_xmsonormal"><span style="font-size:11.0pt;
                  font-family:"Calibri",sans-serif;
                  color:#1F497D">/me sits back and grabs the popcorn…..</span></p>
              <p class="x_xmsonormal"><span style="font-size:11.0pt;
                  font-family:"Calibri",sans-serif;
                  color:#1F497D"> </span></p>
              <div>
                <div style="border:none; border-top:solid #E1E1E1 1.0pt;
                  padding:3.0pt 0cm 0cm 0cm">
                  <p class="x_xmsonormal"><b><span
                        style="font-size:11.0pt;
                        font-family:"Calibri",sans-serif"
                        lang="EN-US">From:</span></b><span
                      style="font-size:11.0pt;
                      font-family:"Calibri",sans-serif"
                      lang="EN-US"> members-discuss [<a
                        href="mailto:members-discuss-bounces@ripe.net"
                        moz-do-not-send="true">mailto:members-discuss-bounces@ripe.net</a>]
                      <b>On Behalf Of </b>Elad Cohen<br>
                      <b>Sent:</b> 30 April 2020 21:31<br>
                      <b>To:</b> <a
                        href="mailto:members-discuss@ripe.net"
                        moz-do-not-send="true">members-discuss@ripe.net</a><br>
                      <b>Subject:</b> [members-discuss] Technical
                      solution to resolve Spoofed IP traffic, Spoofed
                      amplification DDoS attacks, BGP&RIR hijacking,
                      IoT botnet infections and Botnet C&Cs</span></p>
                </div>
              </div>
              <p class="x_xmsonormal"> </p>
              <div>
                <div>
                  <p class="x_xmsonormal"><span
                      style="font-family:"Calibri",sans-serif;
                      color:black">Hello Ripe Members!</span></p>
                </div>
                <div>
                  <p class="x_xmsonormal"><span
                      style="font-family:"Calibri",sans-serif;
                      color:black"> </span></p>
                </div>
                <div>
                  <p class="x_xmsonormal"><span
                      style="font-family:"Calibri",sans-serif;
                      color:black">I will share the following solution
                      in the near General Meeting and I'm interested to
                      share the following technical solution with you as
                      well, it will completely resolve: Spoofed IP
                      traffic, Spoofed amplification DDoS attacks,
                      BGP&RIR hijacking. And will dramatically
                      lower: IoT botnet infections and Botnet C&Cs.</span></p>
                </div>
                <div>
                  <p class="x_xmsonormal"><span
                      style="font-family:"Calibri",sans-serif;
                      color:black"> </span></p>
                </div>
                <div>
                  <p class="x_xmsonormal"><span
                      style="font-family:"Calibri",sans-serif;
                      color:black">By a single update to any BGP router,
                      not any router needs to be updated, only active
                      BGP routers. If I will have the honor of being
                      elected to the Ripe Board I will harness all the
                      power of Ripe and all of the 5 RIR's and all of
                      the LIR's in the 5 RIR's so routing manufacturing
                      companies will implement the below processes and
                      methods with a single firmware update to their BGP
                      routers.
                    </span></p>
                </div>
                <div>
                  <p class="x_xmsonormal"><span
                      style="font-family:"Calibri",sans-serif;
                      color:black"> </span></p>
                </div>
                <div>
                  <p class="x_xmsonormal"><span
                      style="font-family:"Calibri",sans-serif;
                      color:black">I'm asking for your support in
                      electing me so I will be able to enter the Ripe
                      Board and then I will be able to make everything
                      which is written in this post to come true.</span></p>
                </div>
                <div>
                  <p class="x_xmsonormal"><span
                      style="font-family:"Calibri",sans-serif;
                      color:black"> </span></p>
                </div>
                <div>
                  <p class="x_xmsonormal"><span
                      style="font-family:"Calibri",sans-serif;
                      color:black"> </span></p>
                </div>
                <div>
                  <p class="x_xmsonormal"><span
                      style="font-family:"Calibri",sans-serif;
                      color:black">Regarding the bgp-anycasted
                      infrastructure written below, ICANN is written but
                      the global bgp-anycasted infrastructure can be
                      managed by the 5 RIR's and/or by the ccTLDs
                      registries (my main point is that who will operate
                      the bgp-anycasted infrastructure is not important
                      for now, as long as it will be an agreed
                      authoritative non-governmental non-commercial
                      global entity/ies)</span></p>
                </div>
                <div>
                  <p class="x_xmsonormal"><span
                      style="font-family:"Calibri",sans-serif;
                      color:black"> </span></p>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">With new tracking protocol over ip,
                        routers will be able to confirm that source ip
                        came from the network of the announcing ASN, and
                        hence spoofed amplification DDoS attacks will be
                        completely annihilated.</span></p>
                  </div>
                </div>
                <div>
                  <p class="x_xmsonormal"><span
                      style="font-family:"Calibri",sans-serif;
                      color:black"> </span></p>
                </div>
                <div>
                  <p class="x_xmsonormal"><span
                      style="font-family:"Calibri",sans-serif;
                      color:black"> </span></p>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">The Process:</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">At the source BGP router, for any
                        ip packet with a source address that is from the
                        network of the source BGP router (lets call it
                        original ip packet) - the source BGP router will
                        create a new ip packet (lets call it tracking ip
                        packet) with a new transport layer protocol and
                        with the same source address and with the same
                        destination address and with the same IP-ID such
                        as the original ip packet.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">In the new tracking ip packet there
                        will be a new transport layer protocol (tracking
                        protocol) with the following fields:</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">AS number of source BGP router in
                        clear text</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">AS number of source BGP router
                        encrypted with the private key of the source BGP
                        router</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">The destination BGP router (a BGP
                        router that the destination address is in its
                        network) whenever it receive a 'tracking ip
                        packet' will check if its have the internal
                        boolean 'Check tracking flag' in it - 'on' or
                        'off':</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">If 'off' then the destination BGP
                        router will drop that 'tracking ip packet'</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">If 'on' then the destination BGP
                        router will decrypt the 'encrypted AS number'
                        with the public key of the specific AS number</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">and after decryption the AS number
                        need to be the result:</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">if not then to drop the tracking ip
                        packet and the original ip packet related to it</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">if yes then to drop the tracking ip
                        packet and to forward the related original ip
                        packet to destination but only if the source
                        address is originated from the specific ASN
                        (according to the local ASNs+ranges table in the
                        BGP router, such table will be received from
                        ICANN)</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">If the 'Check tracking flag' is set
                        to 'on' then any original ip packet that arrive
                        to the destination BGP router will wait for the
                        related tracking ip packet (in case the related
                        tracking ip packet didn't already arrived to the
                        destination BGP router). The destination BGP
                        router will manage such waiting for X number of
                        seconds.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">The destination BGP router will
                        match between a tracking ip packet and an
                        original ip packet - based on their source
                        address and their destination address and their
                        IP-ID which will all be identical.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">More Aspects:</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- The end-devices will not need to
                        be updated, any router will not need to be
                        updated, only all the BGP routers will need to
                        be updated.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- Any BGP router in the routing
                        path, which the original ip packet and the
                        tracking ip packet are not destined to an ip
                        address in its own network - will not check the
                        content of the tracking ip packet and will
                        forward both the tracking ip packet and the
                        original ip packet as they are.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- Each BGP router will have all the
                        public keys (of all the ASN's) locally.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- Each BGP router will have a full
                        list of all the ASN's and all the route objects
                        ranges which are related to them locally.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">How BGP routers will receive all
                        the ranges in all the route objects of all the
                        ASNs (in the 5 RIRs) and all the public keys of
                        all the ASNs (for decrypting the encrypted
                        strings in 'tracking ip packets'):</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- Each BGP router will create a tcp
                        session with ICANN backend infrastructure (the
                        backend infrastructure of ICANN will use BGP
                        anycast and will be available from many
                        locations worldwide with automatic syncing)</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- At this stage there will be a
                        handshake process between the BGP router and the
                        ICANN backend infrastructure in order for ICANN
                        to know the correct ASN which is operating the
                        BGP router - the BGP router will send its ASN in
                        cleartext and also its ASN encrypted with its
                        ICANN-communication-private-key , ICANN will
                        know the related public key for the specific ASN
                        from the specific ASN object in the RIR (the
                        public key for communication with ICANN will be
                        displayed there) - after decryption ICANN will
                        compare the decrypted string to the AS Number
                        for successful authentication.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- After successful authentication,
                        all the communication will be encrypted, ICANN
                        will notify the BGP router about its public key
                        and ICANN will use the public key of the ASN for
                        the communication with ICANN - from the ASN
                        object in the RIR.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- The BGP router will send over the
                        session its public key to be used by other BGP
                        routers in order to decrypt the encrypted string
                        in the tracking ip packets that it will
                        originate (that private key and public key will
                        be managed in the BGP router GUI or CLI).</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- ICANN will notify all the other
                        BGP routers through the sessions with them about
                        a newly updated such public key of any other BGP
                        router.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- ICANN will also receive in
                        real-time any route object
                        creation/modification/deletion notification from
                        any of the 5 RIRs and will then update all the
                        BGP routers through all of their sessions.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- In case a BGP router doesn't have
                        an active session to ICANN backend
                        infrastructure (for any reason, might be due to
                        networking issue) - then temporarily the
                        internal 'Check tracking flag' of it will be set
                        to 'off'. After the session with ICANN backend
                        infrastructure will be re-established and the
                        BGP router will receive all the meantime updates
                        - the boolean value of 'Check internal flag'
                        will return to initial state.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- Any update from ICANN backend
                        infrastructure to a BGP router (such as a public
                        key of another BGP router, or a routing object
                        update) - will be confirmed that the update was
                        received well by the BGP router side.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">'Check tracking flag' in BGP
                        Routers:</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- BGP routers, in their GUI and CLI
                        interfaces - will not allow the end-user to set
                        the boolean value of 'Check tracking flag', in
                        order to avoid misconfiguration.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- The ICANN backend infrastructure
                        through the session with the BGP router - will
                        be able to set the boolean value of the 'Check
                        tracking flag'.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- The reason for it, is that if
                        'Check tracking flag' will be set on some
                        destination BGP routers while some other source
                        BGP routers weren't upgraded yet (and will not
                        send the 'tracking ip packet' due to it) - then
                        'tracking ip packet' will never reach the
                        destination BGP router and the internet will
                        break.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- Central setting of 'Check
                        tracking flag' through ICANN backend
                        infrastructure - will allow ICANN to inform all
                        the BGP routers at once to switch 'on' the
                        'Check tracking flag'</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- ICANN, in the session to any BGP
                        router, will also receive the percentage of ip
                        packets that were destained to that BGP router
                        network - that also had ip tracking packets, in
                        this way ICANN will know when all the BGP
                        routers were properly globally updated and when
                        it is time to enable the 'Check tracking flag'
                        in all the BGP routers.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- ICANN will know if all the BGP
                        routers in the world were upgraded based on
                        keeping the full BGP table and comparing it to
                        all the BGP routers that did and that did not
                        open a session to ICANN backend infrastructure.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">Automatic preventation of IoT
                        botnet infections:</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- IoT botnets are based on default
                        credentials, if we can block default credentials
                        of IoT devices then these kind of botnets (such
                        as Mirai-variants and similar) will stop to have
                        an impact in the internet.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- The data field in an ip packet -
                        will always be the same for an access attempt to
                        a IoT device with default credentials - hence
                        these kind of "IP protocol data fingerprints"
                        which are related to specific "IP protocol
                        numbers" will be provided by ICANN backend
                        infrastructure to each BGP router through the
                        opened session with it.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- There are two issues with
                        matching incoming ip packets to the "locally
                        stored IP protocol data fingerprints" - the
                        first one is that ip packets can be sent by
                        fragments (so not all the data field will be
                        sent at once in order to be able to be compared
                        with the locally stored data fingerprints) and
                        the second is that usernames (or url's) or any
                        other textual data in the incoming ip packet
                        data field can be in uppercase or in lowercase.
                        In order to overcome the possibility of the
                        existence of a single data fingerprint in
                        multiple incoming ip packet fragments - then in
                        case the BGP router is recognizing the incoming
                        fragmented ip packet data value as part of an
                        existing fingerprint data in its local database
                        then it will keep track of the arrival ip packet
                        fragments based on their specific IP-ID
                        identifier and the BGP router will not forward
                        the last ip packet fragment if the last ip
                        packet fragment will cause all the related ip
                        packet fragments to match a specific ip
                        fingerprint data (last ip packet doesn't have to
                        be the last fragmented part but it is the last
                        ip packet that arrived with that IP-ID
                        identifier, so the BGP router will keep track of
                        the specific fragmented IP packets that arrived
                        and their indexes in order to know when the last
                        one of them arrived). Regarding the second issue
                        - the stored data fingerprints in the local BGP
                        router will be stored in a way that some bytes
                        of them (in specific indexes) will not be
                        compared and in case all the other bytes will
                        match - then the bytes in these indexes - will
                        first be lowered case - and only then comparison
                        will be made to the specific indexed bytes in
                        the specific ip packet data fingerprint.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- In case a IoT device behind a BGP
                        router will be infected somehow (for example
                        when a specific fingerprint data with default
                        credentials for a specific device wasn't updated
                        yet through ICANN backend infrastructure), it
                        will be able to infect all the other IoT devices
                        in the local network when the connectivity to
                        them is not through the BGP router, that kind of
                        impact will be much much lower than infected IoT
                        device which can infect any other IoT device in
                        the internet and then massive botnets in the
                        internet are created which are being used for
                        DDoS.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">Automatic prevention of botnet
                        C&C ip addresses:</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- Botnets C&C are also a
                        problem in the internet.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- This problem can be overcome
                        using the following technical addition: the 5
                        RIR's will operate end-users honeypots machines
                        all over the world (it will be implemented by a
                        single physical machine in each location, for
                        example in each datacenter and in each major
                        ISP, each single physical machine will emulate a
                        virtual router and virtual VM's, the virtual
                        VM's will emulate many different kinds of 'real
                        world machines', any kind of automatic updating
                        (in the operating system configurations) will be
                        disabled, these honeypots machines are not
                        intended to make any outgoing connection, the
                        virtual routers will monitor if any outgoing
                        connection is made and if yes then it is to a
                        botnet C&C, the virtual router will update
                        the ICANN backend infrastructure regarding it
                        and the ICANN backend infrastructure will update
                        all the BGP routers (in their open sessions)
                        regarding it to completely block any
                        communication to that botnet C&C ip address.
                        There will be a web-based system and only the
                        related Law Enforcement Agency of that C&C
                        ip address region - will be able to remove that
                        C&C ip address from being blocked after
                        their manual check.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">- Honeypot machines will be
                        deployed using 'templates' - these templates
                        must be signed and not anyone can create them,
                        they should be created and signed by an agreed
                        Law Enforcement Agency such as Interpol in order
                        to make sure that these templates are by-design
                        not making any outgoing connection. The
                        templates will be deployed in an automatic way
                        (major ISP's and datacenters will be able to
                        easily add a 'physical honeypot' server in their
                        network, that will be shipped to them), the
                        re-initiation of a compromised 'virtual machine'
                        that made  an outgoing connection - will also be
                        automatic through the system in the physical
                        server.</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black"> </span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">Respectfully,</span></p>
                  </div>
                  <div>
                    <p class="x_xmsonormal"><span
                        style="font-family:"Calibri",sans-serif;
                        color:black">Elad</span></p>
                  </div>
                </div>
                <p class="x_xmsonormal"><span
                    style="font-family:"Calibri",sans-serif;
                    color:black"> </span></p>
              </div>
            </div>
          </div>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
members-discuss mailing list
<a class="moz-txt-link-abbreviated" href="mailto:members-discuss@ripe.net">members-discuss@ripe.net</a>
<a class="moz-txt-link-freetext" href="https://mailman.ripe.net/">https://mailman.ripe.net/</a>
Unsubscribe: <a class="moz-txt-link-freetext" href="https://lists.ripe.net/mailman/options/members-discuss/matthias%40brumm.net">https://lists.ripe.net/mailman/options/members-discuss/matthias%40brumm.net</a>
</pre>
    </blockquote>
    <pre class="moz-signature" cols="72">-- 
Unser Familien-Blog: <a class="moz-txt-link-freetext" href="https://brumm.family">https://brumm.family</a></pre>
  </body>
</html>