Re: Secdir last call review of draft-ietf-dots-signal-channel-30


Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@xxxxxxxxxx> wrote:
    > Stephen is referring to an attack where a compromised DOTS client
    > initiates mitigation request for a target resource that is attacked and
    > learns the mitigation efficacy of the DOTS server, informs the
    > mitigation efficacy to DDoS attacker to change the DDoS attack
    > strategy.

Is there a word for an infantry troop who goes behind enemy lines in order
to communicate how well the artillery is?  I guess a modern form is these
laser targeted missiles, where the target is "painted".

I don't know if there are words for this kind of thing, but this would seem
to describe the situation.

    > We can add the following lines to address his comment:

    > A compromised DOTS client can collude with a DDoS attacker to send
    > mitigation request for a target resource, learns the mitigation
    > efficacy from the DOTS server, and conveys the efficacy to the DDoS
    > attacker to learn the mitigation capabilities of the DDoS mitigation
    > and to possibly change the DDoS attack strategy. This attack can be
    > prevented by auditing the behavior of DOTS clients and authorizing the
    > DOTS client to request mitigation for specific target resources.

If a resource is already under attack, there are already mitigation requests
for that target, can a compromised DOTS client learn anything by requesting
mitigation on the same target?

--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>, Sandelman Software Works
 -= IPv6 IoT consulting =-
