[e2e] 100% NAT - a DoS proof internet
Angelos D. Keromytis
angelos at cs.columbia.edu
Tue Feb 14 13:56:54 PST 2006
We have a tech report on the subject of DoS attacks inside a DHT:
http://www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-019-04.pdf
It's a little dated (and too math-heavy)...we have a paper currently
under submission that refines the idea in the tech report and also
presents a Pushback-like defense...
Cheers,
-Angelos
Christian Huitema wrote:
>>Jon Crowcroft wrote:
>>
>>>um, i think you need to re-read about DHTs and consistent hashes
>>
>>What I was saying was that this variant won't work behind a NAT. I
>>mistook that from your initial post; I still consider it accurate, but
>>it may be off topic.
>
>
> Protecting DHT against DOS attacks is indeed a big issue. Consider:
>
> 1) The nodes participating in the DHT need an open communication port
> which is ipso facto a target for DOS attacks,
> 2) The nodes observing the DHT learn these ports, and also the addresses
> of many other nodes, enabling various forms of attack propagation,
> 3) The DHT application itself can be victim of DOS attacks, e.g. various
> forms of name injection, query overload, response spoofing.
>
> In fact, solving such issues is an interesting challenge for end-to-end
> researchers!
>
> -- Christian Huitema
More information about the end2end-interest
mailing list