[e2e] 100% NAT - a DoS proof internet

Joe Touch touch at ISI.EDU
Tue Feb 14 13:16:28 PST 2006

Christian Huitema wrote:
>>Jon Crowcroft wrote:
>>>um, i think you need to re-read about DHTs and consistent hashes
>>What I was saying was that this variant won't work behind a NAT. I
>>mistook that from your initial post; I still consider it accurate, but
>>it may be off topic.

Per below, "off topic" in response to Jon's initial post, not "off topic
for this list". (FWIW, all my recent posts have been individual; I
usually sign posts as list admin as such.)

> Protecting DHT against DOS attacks is indeed a big issue. Consider:
> 1) The nodes participating in the DHT need an open communication port
> which is ipso facto a target for DOS attacks,
> 2) The nodes observing the DHT learn these ports, and also the addresses
> of many other nodes, enabling various forms of attack propagation,
> 3) The DHT application itself can be victim of DOS attacks, e.g. various
> forms of name injection, query overload, response spoofing.
> In fact, solving such issues is an interesting challenge for end-to-end
> researchers!

Yes, DHT under DOS attacks is.

IMO, DHT behind NATs is too, but AFAICT they don't work behind NATs any
better than any other application-layer service.
