<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xmsonormal, li.xmsonormal, div.xmsonormal
{mso-style-name:x_msonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xmsonormal0, li.xmsonormal0, div.xmsonormal0
{mso-style-name:x_msonormal0;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xxmsonormal, li.xxmsonormal, div.xxmsonormal
{mso-style-name:x_xmsonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xxmsolistparagraph, li.xxmsolistparagraph, div.xxmsolistparagraph
{mso-style-name:x_xmsolistparagraph;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xxmsonormal0, li.xxmsonormal0, div.xxmsonormal0
{mso-style-name:x_xmsonormal0;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xxxmsonormal, li.xxxmsonormal, div.xxxmsonormal
{mso-style-name:x_xxmsonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xxxmsonormal0, li.xxxmsonormal0, div.xxxmsonormal0
{mso-style-name:x_xxmsonormal0;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xxxxmsonormal, li.xxxxmsonormal, div.xxxxmsonormal
{mso-style-name:x_xxxmsonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xxxxmsonormal0, li.xxxxmsonormal0, div.xxxxmsonormal0
{mso-style-name:x_xxxmsonormal0;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.xxxxmsochpdefault, li.xxxxmsochpdefault, div.xxxxmsochpdefault
{mso-style-name:x_xxxmsochpdefault;
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Times New Roman",serif;}
p.xxxmsochpdefault, li.xxxmsochpdefault, div.xxxmsochpdefault
{mso-style-name:x_xxmsochpdefault;
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Times New Roman",serif;}
p.xxmsochpdefault, li.xxmsochpdefault, div.xxmsochpdefault
{mso-style-name:x_xmsochpdefault;
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Times New Roman",serif;}
p.xmsochpdefault, li.xmsochpdefault, div.xmsochpdefault
{mso-style-name:x_msochpdefault;
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Times New Roman",serif;}
span.xmsohyperlink
{mso-style-name:x_msohyperlink;
color:#0563C1;
text-decoration:underline;}
span.xmsohyperlinkfollowed
{mso-style-name:x_msohyperlinkfollowed;
color:#954F72;
text-decoration:underline;}
span.xxmsohyperlink
{mso-style-name:x_xmsohyperlink;
color:#0563C1;
text-decoration:underline;}
span.xxmsohyperlinkfollowed
{mso-style-name:x_xmsohyperlinkfollowed;
color:#954F72;
text-decoration:underline;}
span.xxxmsohyperlink
{mso-style-name:x_xxmsohyperlink;
color:#0563C1;
text-decoration:underline;}
span.xxxmsohyperlinkfollowed
{mso-style-name:x_xxmsohyperlinkfollowed;
color:#954F72;
text-decoration:underline;}
span.xxxxmsohyperlink
{mso-style-name:x_xxxmsohyperlink;
color:#0563C1;
text-decoration:underline;}
span.xxxxmsohyperlinkfollowed
{mso-style-name:x_xxxmsohyperlinkfollowed;
color:#954F72;
text-decoration:underline;}
span.xxxxemailstyle19
{mso-style-name:x_xxxemailstyle19;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.xxxemailstyle25
{mso-style-name:x_xxemailstyle25;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.xxemailstyle31
{mso-style-name:x_xemailstyle31;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.xemailstyle38
{mso-style-name:x_emailstyle38;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle44
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<style type="text/css">.style1 {font-family: "Times New Roman";}</style></head><body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Elad,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Can you explain why implementing uRPF (<a href="https://en.wikipedia.org/wiki/Reverse-path_forwarding#Unicast_RPF">https://en.wikipedia.org/wiki/Reverse-path_forwarding#Unicast_RPF</a>)
as part of BCP38 would not work? It’s a simple knob to enable on an interface of the post popular routing vendors and *NIX distributions, it’s been around forever, it doesn’t require the use of any routing protocol, or a central authority.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="mso-line-height-rule:exactly;-webkit-text-size-adjust:100%;"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;"><tr style="font-size:0;"><td align="left" style="vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="width:500px;font-size:0;"><tr style="font-size:0;"><td align="left" style="padding:0 0 5px;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;line-height:normal;"><tr style="font-size:0;"><td align="left" style="padding:0 10px 0 0;border-top:none;border-right:solid 2px #202E53;border-bottom:none;border-left:none;vertical-align:middle;"><a href="http://www.essensys.tech/" target="_blank" id="LPlnk689713" style="text-decoration:none;"><img src="http://essensys.tech/wp-content/uploads/2016/09/ESS-EX-LOGO.png" width="130" height="25" border="0" alt="" style="width:130px;min-width:130px;max-width:130px;height:25px;min-height:25px;max-height:25px;font-size:0;" /></a></td><td align="left" style="padding:10px 0 10px 10px;vertical-align:middle;"><table cellpadding="0" cellspacing="0" border="0" style="font-size:0;color:#202E53;font-style:normal;font-weight:700;white-space:nowrap;"><tr style="font-size:14.67px;color:#6FC6D8;"><td align="left" style="padding:0;vertical-align:top;font-family:Calibri;">Ryan Hamel<span style="font-family:remialcxesans;font-size:1px;color:#FFFFFF;line-height:1px;"></span></td></tr><tr style="font-size:13.33px;"><td align="left" style="padding:0;vertical-align:top;font-family:Calibri;">Network Support Engineer</td></tr><tr style="font-size:13.33px;font-weight:400;"><td align="left" style="padding:5px 0 0;vertical-align:top;font-family:Calibri;"><span style="color:#6FC6D8;font-weight:700;">W:</span> <a href="http://www.essensys.tech/" target="_blank" id="LPlnk689713" style="text-decoration:none;color:#202E53;"><strong style="font-weight:400;">www.essensys.tech</strong></a></td></tr></table></td></tr></table></td></tr><tr style="font-size:0;"><td align="left" style="padding:5px 0 0;border-top:solid 1px #808080;border-right:none;border-bottom:none;border-left:none;vertical-align:top;"><table cellpadding="0" cellspacing="0" border="0" style="white-space:normal;color:#202E53;font-size:9.33px;font-family:'Open Sans','Century Gothic',Arial,'Sans Serif';font-weight:400;font-style:normal;text-align:justify;"><tr style="font-size:11px;"><td style="font-family:Calibri;">The content of this email is confidential. If you are not the addressee, you may not distribute, copy or disclose any part of it. If you receive this message in error, please delete this from your system and notify the sender immediately by reply.<br /><br />essensys plc is a registered, public company in England and Wales. Registered Office: Aldgate Tower, <br />Leman Street, London, E1 8FA <br />essensys Inc is a Delaware company. Registered Office: 450 7th Avenue, New York, NY 10123<br /><br /> </td></tr></table></td></tr></table></td></tr></table></div><div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> members-discuss <members-discuss-bounces@ripe.net>
<b>On Behalf Of </b>Elad Cohen<br>
<b>Sent:</b> Thursday, April 30, 2020 2:05 PM<br>
<b>To:</b> Stuart Willet (primary) <stu@safehosts.co.uk>; members-discuss@ripe.net<br>
<b>Subject:</b> Re: [members-discuss] Technical solution to resolve Spoofed IP traffic, Spoofed amplification DDoS attacks, BGP&RIR hijacking, IoT botnet infections and Botnet C&Cs<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">Stuart,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">All the bgp routers will be upgraded if I will be elected, you can be sure of it, including EOL routers, there is and there will be solution for anything.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">After it all internet users will enjoy from the end of:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">Spoofed IP traffic, Spoofed amplification DDoS attacks, BGP&RIR hijacking<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">And the dramatically reducing of:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">IoT botnet infections and Botnet C&Cs<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">Respectfully,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;color:black">Elad<o:p></o:p></span></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="4" width="98%" align="center">
</div>
<div id="divRplyFwdMsg">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> Stuart Willet (primary) <<a href="mailto:stu@safehosts.co.uk">stu@safehosts.co.uk</a>><br>
<b>Sent:</b> Friday, May 1, 2020 12:01 AM<br>
<b>To:</b> Elad Cohen <<a href="mailto:elad@netstyle.io">elad@netstyle.io</a>>; <a href="mailto:members-discuss@ripe.net">
members-discuss@ripe.net</a> <<a href="mailto:members-discuss@ripe.net">members-discuss@ripe.net</a>><br>
<b>Subject:</b> RE: Technical solution to resolve Spoofed IP traffic, Spoofed amplification DDoS attacks, BGP&RIR hijacking, IoT botnet infections and Botnet C&Cs</span>
<o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="xmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Elad,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">As repeatedly explained to you, it simply is not possible to go around updating EVERY piece of hardware and software used for BGP sessions.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I don’t know why you can’t comprehend this, so I am simply going to stop responding to you.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Respectfully,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Stuart Willet.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="xmsonormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Elad Cohen [<a href="mailto:elad@netstyle.io">mailto:elad@netstyle.io</a>]
<br>
<b>Sent:</b> 30 April 2020 21:59<br>
<b>To:</b> Stuart Willet (primary) <<a href="mailto:stu@safehosts.co.uk">stu@safehosts.co.uk</a>>;
<a href="mailto:members-discuss@ripe.net">members-discuss@ripe.net</a><br>
<b>Subject:</b> Re: Technical solution to resolve Spoofed IP traffic, Spoofed amplification DDoS attacks, BGP&RIR hijacking, IoT botnet infections and Botnet C&Cs</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="xmsonormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<div>
<p class="xmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">Stuart,</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">The costs will be much much lower than the impacts of the following:</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">Spoofed IP traffic, Spoofed amplification DDoS attacks, BGP&RIR hijacking, IoT botnet infections and Botnet C&Cs</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">If you prefer to stay with all the above ok lets stay with it all.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">If I will be elected you can be sure that I will do everything in my power to implement my solution that will resolve for all of it for all internet users.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">Respectfully,</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">Elad</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center"><span lang="EN-GB">
<hr size="2" width="98%" align="center">
</span></div>
<div id="x_divRplyFwdMsg">
<p class="xmsonormal"><b><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">From:</span></b><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> Stuart Willet (primary) <<a href="mailto:stu@safehosts.co.uk">stu@safehosts.co.uk</a>><br>
<b>Sent:</b> Thursday, April 30, 2020 11:54 PM<br>
<b>To:</b> Elad Cohen <<a href="mailto:elad@netstyle.io">elad@netstyle.io</a>>; <a href="mailto:members-discuss@ripe.net">
members-discuss@ripe.net</a> <<a href="mailto:members-discuss@ripe.net">members-discuss@ripe.net</a>><br>
<b>Subject:</b> RE: Technical solution to resolve Spoofed IP traffic, Spoofed amplification DDoS attacks, BGP&RIR hijacking, IoT botnet infections and Botnet C&Cs</span><span lang="EN-GB">
<o:p></o:p></span></p>
<div>
<p class="xmsonormal"><span lang="EN-GB"> <o:p></o:p></span></p>
</div>
</div>
<div>
<div>
<p class="xxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Elad,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Please show me the costing for your solution.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">In short, how much will it cost to update every piece of hardware and software used in BGP sessions.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">How will you update all the END OF LIFE hardware and software?</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Stuart Willet.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="xxmsonormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Elad Cohen [<a href="mailto:elad@netstyle.io">mailto:elad@netstyle.io</a>]
<br>
<b>Sent:</b> 30 April 2020 21:50<br>
<b>To:</b> Stuart Willet (primary) <<a href="mailto:stu@safehosts.co.uk">stu@safehosts.co.uk</a>>;
<a href="mailto:members-discuss@ripe.net">members-discuss@ripe.net</a><br>
<b>Subject:</b> Re: Technical solution to resolve Spoofed IP traffic, Spoofed amplification DDoS attacks, BGP&RIR hijacking, IoT botnet infections and Botnet C&Cs</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="xxmsonormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<div>
<p class="xxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">Stuart,</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">Not anyone can afford DDoS mitigation service and many in the Internet don't have such service including in the Ripe region, and even for the ones that are paying
for expensive DDoS mitigation service - DDoS attacks are using internet traffic, are using electrical power, interfering to access services, generating crime. If I will have the honor of being elected then I will implement it all for the best of everyone
including negative members like you.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">Respectfully,</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">Elad</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center"><span lang="EN-GB">
<hr size="2" width="98%" align="center">
</span></div>
<div id="x_x_divRplyFwdMsg">
<p class="xxmsonormal"><b><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">From:</span></b><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> Stuart Willet (primary) <<a href="mailto:stu@safehosts.co.uk">stu@safehosts.co.uk</a>><br>
<b>Sent:</b> Thursday, April 30, 2020 11:44 PM<br>
<b>To:</b> Elad Cohen <<a href="mailto:elad@netstyle.io">elad@netstyle.io</a>>; <a href="mailto:members-discuss@ripe.net">
members-discuss@ripe.net</a> <<a href="mailto:members-discuss@ripe.net">members-discuss@ripe.net</a>><br>
<b>Subject:</b> RE: Technical solution to resolve Spoofed IP traffic, Spoofed amplification DDoS attacks, BGP&RIR hijacking, IoT botnet infections and Botnet C&Cs</span><span lang="EN-GB">
<o:p></o:p></span></p>
<div>
<p class="xxmsonormal"><span lang="EN-GB"> <o:p></o:p></span></p>
</div>
</div>
<div>
<div>
<p class="xxxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Elad,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I have not attacked you, just pointing out the incredibly impossible task you wish to be undertaken.<br>
As for costs, we currently use a DDoS mitigation service.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Your solution is not feasible, full stop.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Respectfully,</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Stuart Willet.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="xxxmsonormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Elad Cohen [<a href="mailto:elad@netstyle.io">mailto:elad@netstyle.io</a>]
<br>
<b>Sent:</b> 30 April 2020 21:42<br>
<b>To:</b> Stuart Willet (primary) <<a href="mailto:stu@safehosts.co.uk">stu@safehosts.co.uk</a>>;
<a href="mailto:members-discuss@ripe.net">members-discuss@ripe.net</a><br>
<b>Subject:</b> Re: Technical solution to resolve Spoofed IP traffic, Spoofed amplification DDoS attacks, BGP&RIR hijacking, IoT botnet infections and Botnet C&Cs</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="xxxmsonormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<div>
<p class="xxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">Stuart,</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">You are willing to sacrifice the good of the community for a personal attack against me. Regarding what you wrote: do you know how many compute time is wasted for
all the current DDoS attacks that this solution will not resolve ? do you know how many costs involved for organizations and companies which are under DDoS attacks ? when you compare the current to the state of this solution then this solution is by far better
than the current state.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">Respectfully,</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">Elad</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center"><span lang="EN-GB">
<hr size="2" width="98%" align="center">
</span></div>
<div id="x_x_x_divRplyFwdMsg">
<p class="xxxmsonormal"><b><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">From:</span></b><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> Stuart Willet (primary) <<a href="mailto:stu@safehosts.co.uk">stu@safehosts.co.uk</a>><br>
<b>Sent:</b> Thursday, April 30, 2020 11:39 PM<br>
<b>To:</b> Elad Cohen <<a href="mailto:elad@netstyle.io">elad@netstyle.io</a>>; <a href="mailto:members-discuss@ripe.net">
members-discuss@ripe.net</a> <<a href="mailto:members-discuss@ripe.net">members-discuss@ripe.net</a>><br>
<b>Subject:</b> RE: Technical solution to resolve Spoofed IP traffic, Spoofed amplification DDoS attacks, BGP&RIR hijacking, IoT botnet infections and Botnet C&Cs</span><span lang="EN-GB">
<o:p></o:p></span></p>
<div>
<p class="xxxmsonormal"><span lang="EN-GB"> <o:p></o:p></span></p>
</div>
</div>
<div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">In fairness, I couldn’t even be bothered reading further than the worlds BGP routers needing a firmware update to DOUBLE packet count whilst
adding compute time at an individual packet level.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Another idea, slightly marred by the unfathomable costs involved, along with its logistic impossibility.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">/me sits back and grabs the popcorn…..</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="xxxxmsonormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> members-discuss [<a href="mailto:members-discuss-bounces@ripe.net">mailto:members-discuss-bounces@ripe.net</a>]
<b>On Behalf Of </b>Elad Cohen<br>
<b>Sent:</b> 30 April 2020 21:31<br>
<b>To:</b> <a href="mailto:members-discuss@ripe.net">members-discuss@ripe.net</a><br>
<b>Subject:</b> [members-discuss] Technical solution to resolve Spoofed IP traffic, Spoofed amplification DDoS attacks, BGP&RIR hijacking, IoT botnet infections and Botnet C&Cs</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="xxxxmsonormal"><span lang="EN-GB"> <o:p></o:p></span></p>
<div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">Hello Ripe Members!</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">I will share the following solution in the near General Meeting and I'm interested to share the following technical solution with you as well, it will completely
resolve: Spoofed IP traffic, Spoofed amplification DDoS attacks, BGP&RIR hijacking. And will dramatically lower: IoT botnet infections and Botnet C&Cs.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">By a single update to any BGP router, not any router needs to be updated, only active BGP routers. If I will have the honor of being elected to the Ripe Board I
will harness all the power of Ripe and all of the 5 RIR's and all of the LIR's in the 5 RIR's so routing manufacturing companies will implement the below processes and methods with a single firmware update to their BGP routers.
</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">I'm asking for your support in electing me so I will be able to enter the Ripe Board and then I will be able to make everything which is written in this post to
come true.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">Regarding the bgp-anycasted infrastructure written below, ICANN is written but the global bgp-anycasted infrastructure can be managed by the 5 RIR's and/or by the
ccTLDs registries (my main point is that who will operate the bgp-anycasted infrastructure is not important for now, as long as it will be an agreed authoritative non-governmental non-commercial global entity/ies)</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">With new tracking protocol over ip, routers will be able to confirm that source ip came from the network of the announcing ASN, and hence spoofed amplification
DDoS attacks will be completely annihilated.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">The Process:</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">At the source BGP router, for any ip packet with a source address that is from the network of the source BGP router (lets call it original ip packet) - the source
BGP router will create a new ip packet (lets call it tracking ip packet) with a new transport layer protocol and with the same source address and with the same destination address and with the same IP-ID such as the original ip packet.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">In the new tracking ip packet there will be a new transport layer protocol (tracking protocol) with the following fields:</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">AS number of source BGP router in clear text</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">AS number of source BGP router encrypted with the private key of the source BGP router</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">The destination BGP router (a BGP router that the destination address is in its network) whenever it receive a 'tracking ip packet' will check if its have the internal
boolean 'Check tracking flag' in it - 'on' or 'off':</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">If 'off' then the destination BGP router will drop that 'tracking ip packet'</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">If 'on' then the destination BGP router will decrypt the 'encrypted AS number' with the public key of the specific AS number</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">and after decryption the AS number need to be the result:</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">if not then to drop the tracking ip packet and the original ip packet related to it</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">if yes then to drop the tracking ip packet and to forward the related original ip packet to destination but only if the source address is originated from the specific
ASN (according to the local ASNs+ranges table in the BGP router, such table will be received from ICANN)</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">If the 'Check tracking flag' is set to 'on' then any original ip packet that arrive to the destination BGP router will wait for the related tracking ip packet (in
case the related tracking ip packet didn't already arrived to the destination BGP router). The destination BGP router will manage such waiting for X number of seconds.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">The destination BGP router will match between a tracking ip packet and an original ip packet - based on their source address and their destination address and their
IP-ID which will all be identical.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">More Aspects:</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- The end-devices will not need to be updated, any router will not need to be updated, only all the BGP routers will need to be updated.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- Any BGP router in the routing path, which the original ip packet and the tracking ip packet are not destined to an ip address in its own network - will not check
the content of the tracking ip packet and will forward both the tracking ip packet and the original ip packet as they are.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- Each BGP router will have all the public keys (of all the ASN's) locally.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- Each BGP router will have a full list of all the ASN's and all the route objects ranges which are related to them locally.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">How BGP routers will receive all the ranges in all the route objects of all the ASNs (in the 5 RIRs) and all the public keys of all the ASNs (for decrypting the
encrypted strings in 'tracking ip packets'):</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- Each BGP router will create a tcp session with ICANN backend infrastructure (the backend infrastructure of ICANN will use BGP anycast and will be available from
many locations worldwide with automatic syncing)</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- At this stage there will be a handshake process between the BGP router and the ICANN backend infrastructure in order for ICANN to know the correct ASN which is
operating the BGP router - the BGP router will send its ASN in cleartext and also its ASN encrypted with its ICANN-communication-private-key , ICANN will know the related public key for the specific ASN from the specific ASN object in the RIR (the public key
for communication with ICANN will be displayed there) - after decryption ICANN will compare the decrypted string to the AS Number for successful authentication.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- After successful authentication, all the communication will be encrypted, ICANN will notify the BGP router about its public key and ICANN will use the public
key of the ASN for the communication with ICANN - from the ASN object in the RIR.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- The BGP router will send over the session its public key to be used by other BGP routers in order to decrypt the encrypted string in the tracking ip packets that
it will originate (that private key and public key will be managed in the BGP router GUI or CLI).</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- ICANN will notify all the other BGP routers through the sessions with them about a newly updated such public key of any other BGP router.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- ICANN will also receive in real-time any route object creation/modification/deletion notification from any of the 5 RIRs and will then update all the BGP routers
through all of their sessions.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- In case a BGP router doesn't have an active session to ICANN backend infrastructure (for any reason, might be due to networking issue) - then temporarily the
internal 'Check tracking flag' of it will be set to 'off'. After the session with ICANN backend infrastructure will be re-established and the BGP router will receive all the meantime updates - the boolean value of 'Check internal flag' will return to initial
state.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- Any update from ICANN backend infrastructure to a BGP router (such as a public key of another BGP router, or a routing object update) - will be confirmed that
the update was received well by the BGP router side.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">'Check tracking flag' in BGP Routers:</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- BGP routers, in their GUI and CLI interfaces - will not allow the end-user to set the boolean value of 'Check tracking flag', in order to avoid misconfiguration.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- The ICANN backend infrastructure through the session with the BGP router - will be able to set the boolean value of the 'Check tracking flag'.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- The reason for it, is that if 'Check tracking flag' will be set on some destination BGP routers while some other source BGP routers weren't upgraded yet (and
will not send the 'tracking ip packet' due to it) - then 'tracking ip packet' will never reach the destination BGP router and the internet will break.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- Central setting of 'Check tracking flag' through ICANN backend infrastructure - will allow ICANN to inform all the BGP routers at once to switch 'on' the 'Check
tracking flag'</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- ICANN, in the session to any BGP router, will also receive the percentage of ip packets that were destained to that BGP router network - that also had ip tracking
packets, in this way ICANN will know when all the BGP routers were properly globally updated and when it is time to enable the 'Check tracking flag' in all the BGP routers.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- ICANN will know if all the BGP routers in the world were upgraded based on keeping the full BGP table and comparing it to all the BGP routers that did and that
did not open a session to ICANN backend infrastructure.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">Automatic preventation of IoT botnet infections:</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- IoT botnets are based on default credentials, if we can block default credentials of IoT devices then these kind of botnets (such as Mirai-variants and similar)
will stop to have an impact in the internet.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- The data field in an ip packet - will always be the same for an access attempt to a IoT device with default credentials - hence these kind of "IP protocol data
fingerprints" which are related to specific "IP protocol numbers" will be provided by ICANN backend infrastructure to each BGP router through the opened session with it.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- There are two issues with matching incoming ip packets to the "locally stored IP protocol data fingerprints" - the first one is that ip packets can be sent by
fragments (so not all the data field will be sent at once in order to be able to be compared with the locally stored data fingerprints) and the second is that usernames (or url's) or any other textual data in the incoming ip packet data field can be in uppercase
or in lowercase. In order to overcome the possibility of the existence of a single data fingerprint in multiple incoming ip packet fragments - then in case the BGP router is recognizing the incoming fragmented ip packet data value as part of an existing fingerprint
data in its local database then it will keep track of the arrival ip packet fragments based on their specific IP-ID identifier and the BGP router will not forward the last ip packet fragment if the last ip packet fragment will cause all the related ip packet
fragments to match a specific ip fingerprint data (last ip packet doesn't have to be the last fragmented part but it is the last ip packet that arrived with that IP-ID identifier, so the BGP router will keep track of the specific fragmented IP packets that
arrived and their indexes in order to know when the last one of them arrived). Regarding the second issue - the stored data fingerprints in the local BGP router will be stored in a way that some bytes of them (in specific indexes) will not be compared and
in case all the other bytes will match - then the bytes in these indexes - will first be lowered case - and only then comparison will be made to the specific indexed bytes in the specific ip packet data fingerprint.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- In case a IoT device behind a BGP router will be infected somehow (for example when a specific fingerprint data with default credentials for a specific device
wasn't updated yet through ICANN backend infrastructure), it will be able to infect all the other IoT devices in the local network when the connectivity to them is not through the BGP router, that kind of impact will be much much lower than infected IoT device
which can infect any other IoT device in the internet and then massive botnets in the internet are created which are being used for DDoS.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">Automatic prevention of botnet C&C ip addresses:</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- Botnets C&C are also a problem in the internet.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- This problem can be overcome using the following technical addition: the 5 RIR's will operate end-users honeypots machines all over the world (it will be implemented
by a single physical machine in each location, for example in each datacenter and in each major ISP, each single physical machine will emulate a virtual router and virtual VM's, the virtual VM's will emulate many different kinds of 'real world machines', any
kind of automatic updating (in the operating system configurations) will be disabled, these honeypots machines are not intended to make any outgoing connection, the virtual routers will monitor if any outgoing connection is made and if yes then it is to a
botnet C&C, the virtual router will update the ICANN backend infrastructure regarding it and the ICANN backend infrastructure will update all the BGP routers (in their open sessions) regarding it to completely block any communication to that botnet C&C ip
address. There will be a web-based system and only the related Law Enforcement Agency of that C&C ip address region - will be able to remove that C&C ip address from being blocked after their manual check.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">- Honeypot machines will be deployed using 'templates' - these templates must be signed and not anyone can create them, they should be created and signed by an
agreed Law Enforcement Agency such as Interpol in order to make sure that these templates are by-design not making any outgoing connection. The templates will be deployed in an automatic way (major ISP's and datacenters will be able to easily add a 'physical
honeypot' server in their network, that will be shipped to them), the re-initiation of a compromised 'virtual machine' that made an outgoing connection - will also be automatic through the system in the physical server.</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">Respectfully,</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
<div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black">Elad</span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
<p class="xxxxmsonormal"><span lang="EN-GB" style="font-family:"Calibri",sans-serif;color:black"> </span><span lang="EN-GB"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br><br><p style="font-family: Verdana; font-size:10pt; color:#666666;"><b>Disclaimer</b></p><p style="font-family: Verdana; font-size:8pt; color:#666666;">The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.<br><br>This email has been scanned for viruses and malware, and may have been automatically archived by <b>Mimecast Ltd</b>, an innovator in Software as a Service (SaaS) for business. Providing a <b>safer</b> and <b>more useful</b> place for your human generated data. Specializing in; Security, archiving and compliance. To find out more <a href="http://www.mimecast.com/products/" target="_blank">Click Here</a>.</p></body></html>