<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body>
<p>
<blockquote type="cite">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
The costs will be much much lower than the impacts of the
following:</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<span>Spoofed IP traffic</span></div>
</blockquote>
</p>
<p>Hmmm. Isn't the following spoofing too?</p>
<p><br>
</p>
<p>
<blockquote type="cite">the source BGP router will create a new ip
packet (let's call it the tracking ip packet) with a new transport
layer protocol and with the same source address and with the
same destination address and with the same IP-ID as the
original ip packet</blockquote>
<br>
</p>
<p><br>
</p>
<p><br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 30.04.20 22:59, Elad Cohen wrote:<br>
</div>
<blockquote type="cite"
cite="mid:DB7PR10MB2154FAB0A340CE577F4090ACD6AA0@DB7PR10MB2154.EURPRD10.PROD.OUTLOOK.COM">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
Stuart,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
The costs will be much much lower than the impacts of the
following:</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<span>Spoofed IP traffic, Spoofed amplification DDoS attacks,
BGP&amp;RIR hijacking, IoT botnet infections and Botnet
C&amp;Cs</span><br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
If you prefer to stay with all the above, ok, let's stay with it
all.</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
If I am elected, you can be sure that I will do everything
in my power to implement my solution, which will resolve
all of it for all internet users.<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
Respectfully,</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif;
font-size: 12pt; color: rgb(0, 0, 0);">
Elad<br>
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font style="font-size:11pt"
face="Calibri, sans-serif" color="#000000"><b>From:</b> Stuart
Willet (primary) <a class="moz-txt-link-rfc2396E" href="mailto:stu@safehosts.co.uk">&lt;stu@safehosts.co.uk&gt;</a><br>
<b>Sent:</b> Thursday, April 30, 2020 11:54 PM<br>
<b>To:</b> Elad Cohen <a class="moz-txt-link-rfc2396E" href="mailto:elad@netstyle.io">&lt;elad@netstyle.io&gt;</a>;
<a class="moz-txt-link-abbreviated" href="mailto:members-discuss@ripe.net">members-discuss@ripe.net</a> <a class="moz-txt-link-rfc2396E" href="mailto:members-discuss@ripe.net">&lt;members-discuss@ripe.net&gt;</a><br>
<b>Subject:</b> RE: Technical solution to resolve Spoofed IP
traffic, Spoofed amplification DDoS attacks, BGP&amp;RIR
hijacking, IoT botnet infections and Botnet C&amp;Cs</font>
<div> </div>
</div>
<style>
<!--
@font-face
{font-family:Wingdings}
@font-face
{font-family:"Cambria Math"}
@font-face
{font-family:Calibri}
p.x_MsoNormal, li.x_MsoNormal, div.x_MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif}
a:link, span.x_MsoHyperlink
{color:#0563C1;
text-decoration:underline}
a:visited, span.x_MsoHyperlinkFollowed
{color:#954F72;
text-decoration:underline}
p
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif}
p.x_MsoListParagraph, li.x_MsoListParagraph, div.x_MsoListParagraph
{margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif}
p.x_msonormal0, li.x_msonormal0, div.x_msonormal0
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif}
p.x_xmsonormal, li.x_xmsonormal, div.x_xmsonormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif}
p.x_xmsonormal0, li.x_xmsonormal0, div.x_xmsonormal0
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif}
p.x_xxmsonormal, li.x_xxmsonormal, div.x_xxmsonormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif}
p.x_xxmsonormal0, li.x_xxmsonormal0, div.x_xxmsonormal0
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif}
p.x_xxmsochpdefault, li.x_xxmsochpdefault, div.x_xxmsochpdefault
{margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Times New Roman",serif}
p.x_xmsochpdefault, li.x_xmsochpdefault, div.x_xmsochpdefault
{margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Times New Roman",serif}
span.x_xmsohyperlink
{color:#0563C1;
text-decoration:underline}
span.x_xmsohyperlinkfollowed
{color:#954F72;
text-decoration:underline}
span.x_xxmsohyperlink
{color:#0563C1;
text-decoration:underline}
span.x_xxmsohyperlinkfollowed
{color:#954F72;
text-decoration:underline}
span.x_xxemailstyle19
{font-family:"Calibri",sans-serif;
color:#1F497D}
span.x_xemailstyle25
{font-family:"Calibri",sans-serif;
color:#1F497D}
span.x_EmailStyle31
{font-family:"Calibri",sans-serif;
color:#1F497D}
.x_MsoChpDefault
{font-size:10.0pt}
@page WordSection1
{margin:72.0pt 72.0pt 72.0pt 72.0pt}
div.x_WordSection1
{}
ol
{margin-bottom:0cm}
ul
{margin-bottom:0cm}
-->
</style>
<div link="#0563C1" vlink="#954F72" lang="EN-GB">
<div class="x_WordSection1">
<p class="x_MsoNormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif; color:#1F497D">Elad,</span></p>
<p class="x_MsoNormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
<p class="x_MsoNormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif; color:#1F497D">Please
show me the costing for your solution.</span></p>
<p class="x_MsoNormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif; color:#1F497D">In
short, how much will it cost to update every piece of
hardware and software used in BGP sessions?</span></p>
<p class="x_MsoNormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif; color:#1F497D">How
will you update all the END OF LIFE hardware and software?</span></p>
<p class="x_MsoNormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
<p class="x_MsoNormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
<p class="x_MsoNormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif; color:#1F497D">Stuart
Willet.</span></p>
<p class="x_MsoNormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif; color:#1F497D"> </span></p>
<div>
<div style="border:none; border-top:solid #E1E1E1 1.0pt;
padding:3.0pt 0cm 0cm 0cm">
<p class="x_MsoNormal"><b><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif"
lang="EN-US">From:</span></b><span
style="font-size:11.0pt;
font-family:"Calibri",sans-serif"
lang="EN-US"> Elad Cohen [<a class="moz-txt-link-freetext" href="mailto:elad@netstyle.io">mailto:elad@netstyle.io</a>]
<br>
<b>Sent:</b> 30 April 2020 21:50<br>
<b>To:</b> Stuart Willet (primary)
<a class="moz-txt-link-rfc2396E" href="mailto:stu@safehosts.co.uk">&lt;stu@safehosts.co.uk&gt;</a>; <a class="moz-txt-link-abbreviated" href="mailto:members-discuss@ripe.net">members-discuss@ripe.net</a><br>
<b>Subject:</b> Re: Technical solution to resolve
Spoofed IP traffic, Spoofed amplification DDoS
attacks, BGP&amp;RIR hijacking, IoT botnet infections
and Botnet C&amp;Cs</span></p>
</div>
</div>
<p class="x_MsoNormal"> </p>
<div>
<p class="x_MsoNormal"><span
style="font-family:"Calibri",sans-serif;
color:black">Stuart,</span></p>
</div>
<div>
<p class="x_MsoNormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_MsoNormal"><span
style="font-family:"Calibri",sans-serif;
color:black">Not everyone can afford a DDoS mitigation
service, and many on the Internet don't have such a service,
including in the RIPE region. Even for the ones that
are paying for an expensive DDoS mitigation service, DDoS
attacks are using internet traffic, using electrical
power, interfering with access to services, and generating crime.
If I have the honor of being elected, then I will
implement it all for the best of everyone, including
negative members like you.</span></p>
</div>
<div>
<p class="x_MsoNormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_MsoNormal"><span
style="font-family:"Calibri",sans-serif;
color:black">Respectfully,</span></p>
</div>
<div>
<p class="x_MsoNormal"><span
style="font-family:"Calibri",sans-serif;
color:black">Elad</span></p>
</div>
<div class="x_MsoNormal" style="text-align:center"
align="center">
<hr width="98%" size="2" align="center">
</div>
<div id="x_divRplyFwdMsg">
<p class="x_MsoNormal"><b><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black">From:</span></b><span
style="font-size:11.0pt;
font-family:"Calibri",sans-serif; color:black">
Stuart Willet (primary) &lt;<a
href="mailto:stu@safehosts.co.uk"
moz-do-not-send="true">stu@safehosts.co.uk</a>&gt;<br>
<b>Sent:</b> Thursday, April 30, 2020 11:44 PM<br>
<b>To:</b> Elad Cohen &lt;<a
href="mailto:elad@netstyle.io" moz-do-not-send="true">elad@netstyle.io</a>&gt;;
<a href="mailto:members-discuss@ripe.net"
moz-do-not-send="true">
members-discuss@ripe.net</a> &lt;<a
href="mailto:members-discuss@ripe.net"
moz-do-not-send="true">members-discuss@ripe.net</a>&gt;<br>
<b>Subject:</b> RE: Technical solution to resolve
Spoofed IP traffic, Spoofed amplification DDoS attacks,
BGP&amp;RIR hijacking, IoT botnet infections and Botnet
C&amp;Cs</span>
</p>
<div>
<p class="x_MsoNormal"> </p>
</div>
</div>
<div>
<div>
<p class="x_xmsonormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:#1F497D">Elad,</span></p>
<p class="x_xmsonormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:#1F497D"> </span></p>
<p class="x_xmsonormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:#1F497D">I have not attacked you, just pointing
out the incredibly impossible task you wish to be
undertaken.<br>
As for costs, we currently use a DDoS mitigation
service.</span></p>
<p class="x_xmsonormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:#1F497D"> </span></p>
<p class="x_xmsonormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:#1F497D">Your solution is not feasible, full
stop.</span></p>
<p class="x_xmsonormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:#1F497D"> </span></p>
<p class="x_xmsonormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:#1F497D">Respectfully,</span></p>
<p class="x_xmsonormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:#1F497D"> </span></p>
<p class="x_xmsonormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:#1F497D">Stuart Willet.</span></p>
<p class="x_xmsonormal"><span style="font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:#1F497D"> </span></p>
<div>
<div style="border:none; border-top:solid #E1E1E1 1.0pt;
padding:3.0pt 0cm 0cm 0cm">
<p class="x_xmsonormal"><b><span
style="font-size:11.0pt;
font-family:"Calibri",sans-serif"
lang="EN-US">From:</span></b><span
style="font-size:11.0pt;
font-family:"Calibri",sans-serif"
lang="EN-US"> Elad Cohen [<a
href="mailto:elad@netstyle.io"
moz-do-not-send="true">mailto:elad@netstyle.io</a>]
<br>
<b>Sent:</b> 30 April 2020 21:42<br>
<b>To:</b> Stuart Willet (primary) &lt;<a
href="mailto:stu@safehosts.co.uk"
moz-do-not-send="true">stu@safehosts.co.uk</a>&gt;;
<a href="mailto:members-discuss@ripe.net"
moz-do-not-send="true">members-discuss@ripe.net</a><br>
<b>Subject:</b> Re: Technical solution to resolve
Spoofed IP traffic, Spoofed amplification DDoS
attacks, BGP&amp;RIR hijacking, IoT botnet
infections and Botnet C&amp;Cs</span></p>
</div>
</div>
<p class="x_xmsonormal"> </p>
<div>
<p class="x_xmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">Stuart,</span></p>
</div>
<div>
<p class="x_xmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">You are willing to sacrifice the good
of the community for a personal attack against me.
Regarding what you wrote: do you know how much
compute time is wasted on all the current DDoS
attacks that this solution will not resolve? Do you
know how much cost is involved for organizations and
companies which are under DDoS attacks? When you
compare the current state to the state of this solution,
this solution is by far better than the current
state.</span></p>
</div>
<div>
<p class="x_xmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">Respectfully,</span></p>
</div>
<div>
<p class="x_xmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">Elad</span></p>
</div>
<div class="x_MsoNormal" style="text-align:center"
align="center">
<hr width="98%" size="2" align="center">
</div>
<div id="x_x_divRplyFwdMsg">
<p class="x_xmsonormal"><b><span
style="font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black">From:</span></b><span
style="font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:black"> Stuart Willet (primary) &lt;<a
href="mailto:stu@safehosts.co.uk"
moz-do-not-send="true">stu@safehosts.co.uk</a>&gt;<br>
<b>Sent:</b> Thursday, April 30, 2020 11:39 PM<br>
<b>To:</b> Elad Cohen &lt;<a
href="mailto:elad@netstyle.io"
moz-do-not-send="true">elad@netstyle.io</a>&gt;; <a
href="mailto:members-discuss@ripe.net"
moz-do-not-send="true">
members-discuss@ripe.net</a> &lt;<a
href="mailto:members-discuss@ripe.net"
moz-do-not-send="true">members-discuss@ripe.net</a>&gt;<br>
<b>Subject:</b> RE: Technical solution to resolve
Spoofed IP traffic, Spoofed amplification DDoS
attacks, BGP&amp;RIR hijacking, IoT botnet
infections and Botnet C&amp;Cs</span>
</p>
<div>
<p class="x_xmsonormal"> </p>
</div>
</div>
<div>
<div>
<p class="x_xxmsonormal"><span
style="font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:#1F497D">In fairness, I couldn’t even be
bothered reading further than the world's BGP
routers needing a firmware update to DOUBLE packet
count whilst adding compute time at an individual
packet level.</span></p>
<p class="x_xxmsonormal"><span
style="font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:#1F497D">Another idea, slightly marred by
the unfathomable costs involved, along with its
logistic impossibility.</span></p>
<p class="x_xxmsonormal"><span
style="font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:#1F497D"> </span></p>
<p class="x_xxmsonormal"><span
style="font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:#1F497D">/me sits back and grabs the
popcorn…..</span></p>
<p class="x_xxmsonormal"><span
style="font-size:11.0pt;
font-family:"Calibri",sans-serif;
color:#1F497D"> </span></p>
<div>
<div style="border:none; border-top:solid #E1E1E1
1.0pt; padding:3.0pt 0cm 0cm 0cm">
<p class="x_xxmsonormal"><b><span
style="font-size:11.0pt;
font-family:"Calibri",sans-serif"
lang="EN-US">From:</span></b><span
style="font-size:11.0pt;
font-family:"Calibri",sans-serif"
lang="EN-US"> members-discuss [<a
href="mailto:members-discuss-bounces@ripe.net"
moz-do-not-send="true">mailto:members-discuss-bounces@ripe.net</a>]
<b>On Behalf Of </b>Elad Cohen<br>
<b>Sent:</b> 30 April 2020 21:31<br>
<b>To:</b> <a
href="mailto:members-discuss@ripe.net"
moz-do-not-send="true">members-discuss@ripe.net</a><br>
<b>Subject:</b> [members-discuss] Technical
solution to resolve Spoofed IP traffic,
Spoofed amplification DDoS attacks,
BGP&amp;RIR hijacking, IoT botnet infections
and Botnet C&amp;Cs</span></p>
</div>
</div>
<p class="x_xxmsonormal"> </p>
<div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">Hello RIPE Members!</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">I will share the following
solution at the upcoming General Meeting, and I'm
interested in sharing the following technical
solution with you as well. It will completely
resolve: Spoofed IP traffic, Spoofed
amplification DDoS attacks, BGP&amp;RIR
hijacking. And it will dramatically lower: IoT
botnet infections and Botnet C&amp;Cs.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">By a single update to any BGP
router; not every router needs to be updated,
only active BGP routers. If I have the
honor of being elected to the RIPE Board, I
will harness all the power of RIPE and all of
the 5 RIRs and all of the LIRs in the 5
RIRs, so that routing manufacturing companies will
implement the below processes and methods with
a single firmware update to their BGP routers.
</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">I'm asking for your support in
electing me, so that I will be able to enter the
RIPE Board and make everything which is
written in this post come true.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">Regarding the bgp-anycasted
infrastructure described below: ICANN is written,
but the global bgp-anycasted infrastructure
can be managed by the 5 RIRs and/or by the
ccTLD registries (my main point is that who
will operate the bgp-anycasted infrastructure
is not important for now, as long as it is
an agreed authoritative non-governmental
non-commercial global entity/ies).</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">With a new tracking protocol over
ip, routers will be able to confirm that the
source ip came from the network of the
announcing ASN, and hence spoofed
amplification DDoS attacks will be
completely annihilated.</span></p>
</div>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">The Process:</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">At the source BGP router, for
any ip packet with a source address that is
from the network of the source BGP router
(let's call it the original ip packet), the
source BGP router will create a new ip
packet (let's call it the tracking ip packet)
with a new transport layer protocol and with
the same source address and with the same
destination address and with the same IP-ID
as the original ip packet.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">In the new tracking ip packet
there will be a new transport layer protocol
(tracking protocol) with the following
fields:</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">AS number of source BGP router
in clear text</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">AS number of source BGP router
encrypted with the private key of the source
BGP router</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">The destination BGP router (a
BGP router whose network contains the
destination address), whenever it receives a
'tracking ip packet', will check whether its
internal boolean 'Check tracking flag'
is 'on' or 'off':</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">If 'off', then the destination
BGP router will drop that 'tracking ip
packet'.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">If 'on' then the destination
BGP router will decrypt the 'encrypted AS
number' with the public key of the specific
AS number</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">and after decryption the AS
number needs to be the result:</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">if not, then drop the
tracking ip packet and the original ip
packet related to it;</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">if yes, then drop the
tracking ip packet and forward the
related original ip packet to the destination,
but only if the source address originates
from the specific ASN (according to the
local ASNs+ranges table in the BGP router;
such a table will be received from ICANN).</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">If the 'Check tracking flag' is
set to 'on', then any original ip packet that
arrives at the destination BGP router will
wait for the related tracking ip packet (in
case the related tracking ip packet hasn't
already arrived at the destination BGP
router). The destination BGP router will
manage such waiting for X number of seconds.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">The destination BGP router will
match a tracking ip packet with an
original ip packet based on their source
address, their destination address and
their IP-ID, which will all be identical.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">More Aspects:</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- The end-devices will not need
to be updated, and no other router will need to
be updated; only all the BGP routers will
need to be updated.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- Any BGP router in the routing
path for which the original ip packet and the
tracking ip packet are not destined to an ip
address in its own network will not check
the content of the tracking ip packet and
will forward both the tracking ip packet and
the original ip packet as they are.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- Each BGP router will have all
the public keys (of all the ASNs) locally.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- Each BGP router will have a
full list of all the ASNs and all the route
object ranges which are related to them,
locally.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">How BGP routers will receive
all the ranges in all the route objects of
all the ASNs (in the 5 RIRs) and all the
public keys of all the ASNs (for decrypting
the encrypted strings in 'tracking ip
packets'):</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- Each BGP router will create a
tcp session with the ICANN backend
infrastructure (the backend infrastructure
of ICANN will use BGP anycast and will be
available from many locations worldwide with
automatic syncing).</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- At this stage there will be a
handshake process between the BGP router and
the ICANN backend infrastructure, in order
for ICANN to know the correct ASN which is
operating the BGP router: the BGP router
will send its ASN in cleartext and also its
ASN encrypted with its
ICANN-communication-private-key; ICANN will
know the related public key for the specific
ASN from the specific ASN object in the RIR
(the public key for communication with ICANN
will be displayed there); after decryption
ICANN will compare the decrypted string to
the AS Number for successful authentication.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- After successful
authentication, all the communication will
be encrypted: ICANN will notify the BGP
router about its public key, and ICANN will
use the public key of the ASN for the
communication with ICANN, from the ASN
object in the RIR.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- The BGP router will send over
the session its public key to be used by
other BGP routers in order to decrypt the
encrypted string in the tracking ip packets
that it will originate (that private key and
public key will be managed in the BGP router
GUI or CLI).</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- ICANN will notify all the
other BGP routers, through the sessions with
them, about any newly updated such public key
of any other BGP router.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- ICANN will also receive in
real-time any route object
creation/modification/deletion notification
from any of the 5 RIRs and will then update
all the BGP routers through all of their
sessions.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- In case a BGP router doesn't
have an active session to the ICANN backend
infrastructure (for any reason; it might be due
to a networking issue), then temporarily its
internal 'Check tracking flag' will be
set to 'off'. After the session with the ICANN
backend infrastructure is
re-established and the BGP router has
received all the updates from the meantime, the
boolean value of the 'Check tracking flag' will
return to its initial state.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- Any update from the ICANN backend
infrastructure to a BGP router (such as a
public key of another BGP router, or a
routing object update) will be confirmed
by the BGP router side as having been
received correctly.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">'Check tracking flag' in BGP
Routers:</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- BGP routers, in their GUI and
CLI interfaces, will not allow the end-user
to set the boolean value of the 'Check tracking
flag', in order to avoid misconfiguration.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- The ICANN backend
infrastructure, through the session with the
BGP router, will be able to set the boolean
value of the 'Check tracking flag'.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- The reason for it is that if the
'Check tracking flag' is set on some
destination BGP routers while some other
source BGP routers haven't been upgraded yet (and
will not send the 'tracking ip packet' because
of it), then the 'tracking ip packet' will
never reach the destination BGP router and
the internet will break.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- Central setting of the 'Check
tracking flag' through the ICANN backend
infrastructure will allow ICANN to inform
all the BGP routers at once to switch 'on'
the 'Check tracking flag'.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- ICANN, in the session to any
BGP router, will also receive the percentage
of ip packets that were destined to that
BGP router's network and that also had ip
tracking packets; in this way ICANN will
know when all the BGP routers have been properly
updated globally and when it is time to
enable the 'Check tracking flag' in all the
BGP routers.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- ICANN will know if all the
BGP routers in the world have been upgraded
based on keeping the full BGP table and
comparing it to all the BGP routers that did
and that did not open a session to the ICANN
backend infrastructure.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">Automatic prevention of IoT
botnet infections:</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- IoT botnets are based on
default credentials; if we can block default
credentials of IoT devices, then these kinds
of botnets (such as Mirai variants and
similar) will stop having an impact on the
internet.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- The data field in an ip
packet will always be the same for an
access attempt to an IoT device with default
credentials, hence these kinds of "IP
protocol data fingerprints", which are
related to specific "IP protocol numbers",
will be provided by the ICANN backend
infrastructure to each BGP router through
the opened session with it.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- There are two issues with
matching incoming ip packets to the "locally
stored IP protocol data fingerprints". The
first one is that ip packets can be sent in
fragments (so not all of the data field is
sent at once in order to be compared with
the locally stored data fingerprints), and
the second is that usernames (or URLs) or
any other textual data in the incoming ip
packet data field can be in uppercase or in
lowercase. In order to overcome the
possibility that a single data fingerprint
is spread across multiple incoming ip packet
fragments: in case the BGP router recognizes
the incoming fragmented ip packet data value
as part of an existing fingerprint data in
its local database, it will keep track of
the arriving ip packet fragments based on
their specific IP-ID identifier, and the BGP
router will not forward the last ip packet
fragment if that last ip packet fragment
causes all the related ip packet fragments
to match a specific ip fingerprint data (the
last ip packet doesn't have to be the last
fragmented part, but it is the last ip
packet that arrived with that IP-ID
identifier, so the BGP router will keep
track of the specific fragmented ip packets
that arrived and their indexes in order to
know when the last one of them has arrived).
Regarding the second issue: the stored data
fingerprints in the local BGP router will be
stored in a way that some bytes of them (at
specific indexes) will not be compared, and
in case all the other bytes match, then the
bytes at these indexes will first be
lower-cased, and only then will the
comparison be made to the specific indexed
bytes in the specific ip packet data
fingerprint.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- In case an IoT device behind a
BGP router gets infected somehow (for
example when a specific fingerprint data
with default credentials for a specific
device wasn't updated yet through the ICANN
backend infrastructure), it will be able to
infect all the other IoT devices in the
local network when the connectivity to them
is not through the BGP router. That kind of
impact will be much, much lower than an
infected IoT device which can infect any
other IoT device on the internet, after
which massive botnets are created on the
internet which are used for DDoS.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">Automatic prevention of botnet
C&C ip addresses:</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- Botnet C&C's are also a
problem on the internet.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- This problem can be overcome
using the following technical addition: the
5 RIRs will operate end-user honeypot
machines all over the world. It will be
implemented by a single physical machine in
each location, for example in each
datacenter and in each major ISP; each
single physical machine will emulate a
virtual router and virtual VMs, and the
virtual VMs will emulate many different
kinds of 'real world machines'. Any kind of
automatic updating (in the operating system
configurations) will be disabled. These
honeypot machines are not intended to make
any outgoing connection; the virtual routers
will monitor whether any outgoing connection
is made, and if yes then it is to a botnet
C&C. The virtual router will update the
ICANN backend infrastructure regarding it,
and the ICANN backend infrastructure will
update all the BGP routers (in their open
sessions) regarding it, to completely block
any communication to that botnet C&C ip
address. There will be a web-based system,
and only the Law Enforcement Agency
responsible for that C&C ip address's
region will be able to remove that C&C ip
address from being blocked, after their
manual check.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">- Honeypot machines will be
deployed using 'templates'. These templates
must be signed, and not anyone can create
them; they should be created and signed by
an agreed Law Enforcement Agency such as
Interpol, in order to make sure that these
templates are by design not making any
outgoing connection. The templates will be
deployed in an automatic way (major ISPs
and datacenters will be able to easily add a
'physical honeypot' server in their network,
which will be shipped to them), and the
re-initiation of a compromised 'virtual
machine' that made an outgoing connection
will also be automatic, through the system
in the physical server.</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">Respectfully,</span></p>
</div>
<div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black">Elad</span></p>
</div>
</div>
<p class="x_xxmsonormal"><span
style="font-family:"Calibri",sans-serif;
color:black"> </span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
members-discuss mailing list
<a class="moz-txt-link-abbreviated" href="mailto:members-discuss@ripe.net">members-discuss@ripe.net</a>
<a class="moz-txt-link-freetext" href="https://mailman.ripe.net/">https://mailman.ripe.net/</a>
Unsubscribe: <a class="moz-txt-link-freetext" href="https://lists.ripe.net/mailman/options/members-discuss/lists%40velder.li">https://lists.ripe.net/mailman/options/members-discuss/lists%40velder.li</a>
</pre>
</blockquote>
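<p>Added example, not part of the quoted proposal and not any router vendor's code: a small Python model of the fragment tracking and case-insensitive fingerprint comparison described under "Automatic prevention of IoT botnet infections" above. It assumes a fingerprint is an IP protocol number plus a payload byte string with a set of byte indexes that are compared case-insensitively, and models a fragment as (IP-ID, protocol, byte offset, payload, MF flag) with fragments that neither overlap nor repeat; the telnet-style "admin"/"admin" payload is constructed for the demo and is not a real device fingerprint.</p>

```python
# Added example written for this page (not the proposal author's or any vendor's
# code). Assumptions: offsets in bytes; fragments neither overlap nor repeat.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Fingerprint:
    protocol: int               # IP protocol number the fingerprint is tied to
    data: bytes                 # expected payload, lower-case at ci positions
    ci_indexes: FrozenSet[int]  # byte indexes compared case-insensitively


@dataclass(frozen=True)
class Fragment:
    ip_id: int                  # IP identification field shared by the fragments
    protocol: int
    offset: int                 # byte offset of this payload in the datagram
    payload: bytes
    more_fragments: bool        # IP MF flag; False on the highest-offset piece


def bytes_match(fp: Fingerprint, offset: int, chunk: bytes) -> bool:
    """True if chunk equals fp.data at offset, lower-casing the incoming byte
    (ASCII only) at the fingerprint's case-insensitive indexes."""
    if offset + len(chunk) > len(fp.data):
        return False
    for k, got in enumerate(chunk):
        if offset + k in fp.ci_indexes:
            got = bytes([got]).lower()[0]
        if got != fp.data[offset + k]:
            return False
    return True


@dataclass
class _Pending:  # fragments seen so far for one IP-ID, keyed by byte offset
    pieces: Dict[int, bytes] = field(default_factory=dict)
    total_len: Optional[int] = None  # known once the MF=0 fragment arrives

    def add(self, frag: Fragment) -> None:
        self.pieces[frag.offset] = frag.payload
        if not frag.more_fragments:
            self.total_len = frag.offset + len(frag.payload)

    def complete(self) -> bool:  # any hole leaves the byte count short
        return self.total_len == sum(len(p) for p in self.pieces.values())

    def reassemble(self) -> bytes:
        return b"".join(self.pieces[o] for o in sorted(self.pieces))


class FingerprintFilter:
    """Per-fragment forwarding decision: True = forward, False = drop. Earlier
    fragments were already forwarded when the match becomes known, so only the
    fragment completing a matching datagram is dropped, whatever its offset."""

    def __init__(self, fingerprints: Iterable[Fingerprint]) -> None:
        self.fingerprints: List[Fingerprint] = list(fingerprints)
        self.pending: Dict[int, _Pending] = {}  # needs an expiry in practice

    def _hit(self, protocol: int, data: bytes) -> bool:  # whole-payload match
        return any(fp.protocol == protocol and len(data) == len(fp.data)
                   and bytes_match(fp, 0, data) for fp in self.fingerprints)

    def _could_belong(self, frag: Fragment) -> bool:
        # Track an IP-ID only once a piece fits some fingerprint at its offset.
        return any(fp.protocol == frag.protocol
                   and bytes_match(fp, frag.offset, frag.payload)
                   for fp in self.fingerprints)

    def process(self, frag: Fragment) -> bool:
        if frag.offset == 0 and not frag.more_fragments:      # unfragmented
            return not self._hit(frag.protocol, frag.payload)
        if frag.ip_id not in self.pending and not self._could_belong(frag):
            return True
        pend = self.pending.setdefault(frag.ip_id, _Pending())
        pend.add(frag)
        if not pend.complete():
            return True                                       # forward, wait
        data = self.pending.pop(frag.ip_id).reassemble()
        return not self._hit(frag.protocol, data)


# Constructed demo fingerprint, not a real device signature: telnet-style
# "admin"/"admin" where only the username (indexes 0-4) may vary in case.
ADMIN_ADMIN = Fingerprint(6, b"admin\r\nadmin\r\n", frozenset(range(5)))


def demo() -> List[Tuple[str, bool]]:
    flt = FingerprintFilter([ADMIN_ADMIN])
    cases = [
        ("in-order first", Fragment(1, 6, 0, b"ADMIN\r\n", True)),      # forward
        ("in-order last", Fragment(1, 6, 7, b"admin\r\n", False)),      # drop
        ("ooo tail first", Fragment(2, 6, 7, b"admin\r\n", False)),     # forward
        ("ooo head last", Fragment(2, 6, 0, b"Admin\r\n", True)),       # drop
        ("pw upper first", Fragment(3, 6, 0, b"admin\r\n", True)),      # forward
        ("pw upper last", Fragment(3, 6, 7, b"ADMIN\r\n", False)),      # forward
        ("single hit", Fragment(4, 6, 0, b"admin\r\nadmin\r\n", False)),  # drop
        ("single miss", Fragment(5, 6, 0, b"GET / HTTP/1.1\r\n", False)),  # forward
    ]
    return [(label, flt.process(frag)) for label, frag in cases]
```

<p>Calling <code>demo()</code> returns one (label, forwarded) pair per fragment. The out-of-order case shows why the dropped fragment is the last one to arrive rather than the one with the highest offset, and the upper-case password case shows that only the indexes the fingerprint marks are compared case-insensitively. A real implementation would additionally need an expiry for the pending table, handling of overlapping fragments, and awareness that the IP payload seen at a router starts with the transport header rather than with the credentials.</p>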
</body>
</html>