[e2e] 100% NAT - a DoS proof internet

Joe Touch touch at ISI.EDU
Mon Feb 13 08:35:21 PST 2006 

Hi, Jon,

Jon Crowcroft wrote:
> there's no central anything - there is a pool of unallocated globally
> reachable addresses and a set of points (where, as yet, you can't 
> ingress/egress) around the edge of the net -

So let's start. In the beginning, there is no DHT. Your host and mine
are behind NATs. Don't we FIRST need to join the DHT? How do we do that?

> behind these points, one can cause a globally reachable address to be 
> allocated for an egress w.r.t. an ingress for unidirectional
> communication at some time - so the other end can then try sending to
> it (only at that time) - this usefully has the side effect of
> allocating another globally reachable pinhole at the source so the
> sink (but noone else) could optionally answer

Allocating these addresses is what NAT's already do - some for a pool of
addresses, some for an address/port pair. All that does is allow your
host and my host to end up receiving incoming calls on those addresses.

We still need to find each others' addresses; you haven't told us how to
do that. The DHT by which we might find each other doesn't exist yet.

--

Finally, whatever ID you want to expose to the world (DHT node ID, DNS
name, etc.) just 'undoes' what the NAT did. Every reason you had for
NAT'ing the host is a reason to "NAT" those IDs at some point, where
you're back where you started.

Joe

> thing of the time being a capability and this being a 
> very virtual circuit.
> 
> its not like IP, jim, at all.
> 
> In missive <43F0B13C.8080801 at isi.edu>, Joe Touch typed:
> 
>  >>This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
>  >>--------------enig8AEE14DC4866D756D31CF09B
>  >>Content-Type: text/plain; charset=ISO-8859-1
>  >>Content-Transfer-Encoding: quoted-printable
>  >>
>  >>Hi, Jon,
>  >>
>  >>Jon Crowcroft wrote:
>  >>> So there's three things here
>  >>>=20
>  >>> 1/ a mad idea for a DoS proof internet - This goes like this:
>  >>>=20
>  >>> What if 100% of hosts were behing a NAT (a bit like mark handley and
>  >>> adam greenhalgh's idea on a dos proof internet in fdna a while back,=20
>  >>> but taken to extreme, or also like default off paper in hotnets)
>  >>>=20
>  >>> So how would you ever reach someone (like most NAT traversal stuff is
>  >>> tricky - viz skype - see also below:)
>  >>>=20
>  >>> Meanwhile, here is how: Distributed Hashed Time.
>  >>>=20
>  >>> So we all know about DHTs - they hash an object to a node id, then use
>  >>> some p2p route to get to the node id (e.g. MIT's chord finger table
>  >>> etc etc).
>  >>>=20
>  >>> So if we want to talk to a set of known people, we hash their
>  >>> identifier (name) to TIME. We then send to each other at that agreed
>  >>> time - no-one else can send to us or from us to them, and the hash key
>  >>> can be a shared secret....
>  >>
>  >>How do you "send to each other"?
>  >>
>  >>You need to talk to a host behind a NAT. You need to reach the service
>  >>on that host that runs this DHTime protocol. You can have more than one
>  >>host behind the NAT. A NAT basically makes everything behind it look
>  >>like one host.
>  >>
>  >>There are two options:
>  >>
>  >>	a. the host behind the NAT tries to reach the other host first
>  >>		this works only if the 'other host' is NOT behind
>  >>		a NAT, so we're out of luck
>  >>
>  >>	b. you 'register' your host somewhere as owning a unique
>  >>	way to demultiplex packets to it
>  >>
>  >>A DHT does both of these - (a) to reach a node somewhere else that is
>  >>NOT NAT'd first, then (b) to register in that infrastructure so other
>  >>nodes can find it using its node ID.
>  >>
>  >>Two killer questions:
>  >>
>  >>	1. if everything is NAT'd, how do you perform step (a)?
>  >>		i.e., where is the first place you register?
>  >>
>  >>	2. (b) assumes hosts have unique node-IDs, but you
>  >>	went through a lot of trouble to remove that property (NATs)
>  >>
>  >>		for every reason you had a NAT in the base net,
>  >>		why is it now acceptable to not NAT the node-IDs?
>  >>
>  >>		- if you NAT node IDs, you're back where you started
>  >>
>  >>		- if you're OK with not NAT'ing node IDs, why did you
>  >>		NAT the base net?
>  >>			i.e., non-NAT'd node IDs now become susceptible
>  >>			to every message on the DHT
>  >>
>  >>> there you go...the details should be simple (apart from how you
>  >>> provide sufficiently accurate synchronized time without a globally
>  >>> reachable adddress betweewn the NTP servers, which, I admit, is
>  >>> probably a mite tricky - i guess you need to have them agree a set of
>  >>> rough times or something:)
>  >>
>  >>Time, IMO, is the least of your concerns...
>  >>
>  >>Joe
>  >>
>  >>
>  >>--------------enig8AEE14DC4866D756D31CF09B
>  >>Content-Type: application/pgp-signature; name="signature.asc"
>  >>Content-Description: OpenPGP digital signature
>  >>Content-Disposition: attachment; filename="signature.asc"
>  >>
>  >>-----BEGIN PGP SIGNATURE-----
>  >>Version: GnuPG v1.4.1 (MingW32)
>  >>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>  >>
>  >>iD8DBQFD8LE8E5f5cImnZrsRAlIaAJ9Dq0kBFWBmw5SzWpZBVSq6h94pMACg6EzY
>  >>VBmeL/dEBX6qvumw8swM4TQ=
>  >>=cuLP
>  >>-----END PGP SIGNATURE-----
>  >>
>  >>--------------enig8AEE14DC4866D756D31CF09B--
> 
>  cheers
> 
>    jon

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://www.postel.org/pipermail/end2end-interest/attachments/20060213/8bd9c69a/signature-0001.bin

More information about the end2end-interest mailing list