[e2e] 100% NAT - a DoS proof internet
touch at ISI.EDU
Tue Feb 14 13:16:28 PST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Christian Huitema wrote:
>>Jon Crowcroft wrote:
>>>um, i think you need to re-read about DHTs and consistent hashes
>>What I was saying was that this variant won't work behind a NAT. I
>>mistook that from your initial post; I still consider it accurate, but
>>it may be off topic.
Per below, "off topic" in response to Jon's initial post, not "off topic
for this list". (FWIW, all my recent posts have been individual; I
usually sign posts as list admin as such)
> Protecting DHT against DOS attacks is indeed a big issue. Consider:
> 1) The nodes participating in the DHT need an open communication port
> which is ipso facto a target for DOS attacks,
> 2) The nodes observing the DHT learn these ports, and also the addresses
> of many other nodes, enabling various forms of attack propagation,
> 3) The DHT application itself can be victim of DOS attacks, e.g. various
> forms of name injection, query overload, response spoofing.
> In fact, solving such issues is an interesting challenge for end-to-end
Yes, DHT under DOS attacks is.
IMO, DHT behind NATs is too, but AFAICT they don't work behind NATs any
better than any other application-layer service.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the end2end-interest