[e2e] 100% NAT - a DoS proof internet

Angelos D. Keromytis angelos at cs.columbia.edu
Tue Feb 14 13:56:54 PST 2006

We have a tech report on the subject of DoS attacks inside a DHT:


It's a little dated (and too math-heavy)... we have a paper currently
under submission that refines the idea in the tech report and also
presents a Pushback-like defense...

Christian Huitema wrote:
>>Jon Crowcroft wrote:
>>>um, i think you need to re-read about DHTs and consistent hashes
>>What I was saying was that this variant won't work behind a NAT. I
>>mistook that from your initial post; I still consider it accurate, but
>>it may be off topic.
> Protecting DHT against DOS attacks is indeed a big issue. Consider:
> 1) The nodes participating in the DHT need an open communication port
> which is ipso facto a target for DOS attacks,
> 2) The nodes observing the DHT learn these ports, and also the addresses
> of many other nodes, enabling various forms of attack propagation,
> 3) The DHT application itself can be victim of DOS attacks, e.g. various
> forms of name injection, query overload, response spoofing.
> In fact, solving such issues is an interesting challenge for end-to-end
> researchers!
> -- Christian Huitema

More information about the end2end-interest mailing list