ancp network anti attack updates n.
Skip this Video
Loading SlideShow in 5 Seconds..
ANCP Network Anti-Attack Updates PowerPoint Presentation
Download Presentation
ANCP Network Anti-Attack Updates

Loading in 2 Seconds...

play fullscreen
1 / 9

ANCP Network Anti-Attack Updates - PowerPoint PPT Presentation

  • Uploaded on

ANCP Network Anti-Attack Updates. draft-fan-ancp-network-anti-attack-01 IETF 78 th , July. 25-30, 2010 Bo Wu ( ) Liang Fan ( ) Bo Yuan ( ) ZTE Corporation. Current Status. 01-version updates

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'ANCP Network Anti-Attack Updates' - lethia

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
ancp network anti attack updates

ANCP Network Anti-Attack Updates


IETF 78th , July. 25-30, 2010

Bo Wu ( )

Liang Fan ( )

Bo Yuan (

ZTE Corporation

current status
Current Status
  • 01-version updates
    • Add 2 use cases based on comments from last meeting
problem statement


Problem statement
  • Traditionally, network attacks from subscribers are detected at NAS site
  • Detection could be done by NAS or additional device, such as Firewall/DPI box.

Centralized attacking detection & policy enforcement

case 1 control message attack
Case 1: Control Message Attack
  • PPPoE/DHCP Control Message Attack
    • PPPoE PADI, DHCP discover, etc.
    • Could be a fake one or just replicated from the original one
    • Massive amount of packets per second
  • Influence to the NAS
    • All control message will be sent to the control plane
    • Though trigger the traffic managing policy on control plane, but will Loss of the legal control message of the same type
    • NAS will enforce ACL to rate-limit control packets from dedicated subscriber


example padi packet attack


Example: PADI Packet Attack
  • The attacker sends a large number of PADI Packets
  • The NAS receives these packets and sends the packets to its control plane
  • The PPP control plane on the NAS will be aware of the abnormal rate of control messages from a dedicated subscriber
  • The NAS sends the anti-attack policy to the AN.
case 2 dos attack
Case 2: DOS Attack
  • DOS attack
    • SYN flood, fraggle, smurf, etc.
    • Towards the NAS & the network behind the NAS
    • Usually happened on a large number of hosts (synchronously)
  • Original Solution
    • Detected on the NAS site, by an internal or external DPI function module
    • Policies implemented on the NAS site


example syn flood attack
Example: SYN Flood Attack
  • The attacker sends a large number of SYN packets
  • The NAS will be aware of the SYN flood attack from the dedicated subscriber with or without an external box.
  • The NAS sends the anti-attack policy to the AN.


  • Use ANCP to dynamically trigger current available function on the AN.
  • MAC Black/White List
    • Send MAC black list of the attacking message, or MAC white list of the registered MAC addresses to the AN
    • MAC white list not applicable to enterprise user
  • MAC Table Size Limitation
    • Enable MAC learning limitation on the AN
  • MAC Rate Limitation
    • Limit upstream rate of a dedicated MAC on the AN
    • No influence to other hosts on the same access loop
next steps
Next steps
  • Need comments from work group

Thank you