[e2e] 100% NAT - a DoS proof internet

Joe Touch touch at ISI.EDU
Tue Feb 14 07:49:12 PST 2006



Jon Crowcroft wrote:
> um, i think you need to re-read about DHTs and consistent hashes

What I was saying was that this variant won't work behind a NAT. I
mistook that from your initial post; I still consider it accurate, but
it may be off topic.

However....

This is basically just frequency allocation. Each algorithm would have
its preferred frequency; assuming that endpoints are sync'd, you 'meet'
on the same frequency as the other end you want to speak with.

Unfortunately, unless the algorithm or some mutual offset (aka 'key')
between the endpoints is predeployed, the attacker code will know (and
use) the same mechanism and with the same algorithm. I.e., it'll send a
DHTime request, get a meeting time, and send its attack that way.

Either this will slow down legitimate applications, or attackers will
just mimic legitimate applications and move on. Time-based attacks are
not uncommon - consider window attacks on TCP.

Joe

