[e2e] 100% NAT - a DoS proof internet

Jon Crowcroft Jon.Crowcroft at cl.cam.ac.uk
Wed Feb 15 01:00:04 PST 2006


In missive <DAC3FCB50E31C54987CD10797DA511BA137D27DB at WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>, "Christian Huitema" typed:

 >>> Jon Crowcroft wrote:
 >>> > um, i think you need to re-read about DHTs and consistent hashes
 >>> 
 >>> What I was saying was that this variant won't work behind a NAT. I
 >>> mistook that from your initial post; I still consider it accurate, but
 >>> it may be off topic.

 >>Protecting DHT against DOS attacks is indeed a big issue. Consider:

This is now orthogonal to what I was proposing, but is a good topic to
discuss for sure...

The issue of defending consistent-hash-based overlay routes has
received quite a lot of attention from folks like the MSR Pastry
group, Bamboo/OpenDHT, Chord and others... and CAN has some tricks too.

The whole point of P2P is that it's load balanced and hard to DDoS, as
you have to attack multiple points rather than just one or a few
servers, but you can try to attack the routing system.

Basically finger table or prefix schemes keep _multiple_ next
neighbour entries - you have to do this in any P2P system because of
churn (nodes leave/are turned off unannounced) - actually whether
unstructured or structured; so if you take out a node, you don't break
the P2P system at all - in fact you need to remove quite a few (I
think both Chord and CAN have been fairly extensively analysed from
this point).

 >>1) The nodes participating in the DHT need an open communication port
 >>which is ipso facto a target for DOS attacks,
See above - you can take out a node, but not the net, easily - plus
content can be replicated (and was - way back in the Eternity system,
for example).

 >>2) The nodes observing the DHT learn these ports, and also the addresses
 >>of many other nodes, enabling various forms of attack propagation,

This is a good point, and defending against this probably currently
relies on the P2P system just having a lot of distributed resource, possibly
compared to the attacker... (unless the attacker subverts the P2P nodes
themselves in numbers - a Pastry- or Kazaa-based zombie organisation
would be a fairly scary thing.)

 >>3) The DHT application itself can be victim of DOS attacks, e.g. various
 >>forms of name injection, query overload, response spoofing.

So lots of work has been done on integrity checking and
reputation/recommendation and social reinforcement schemes that limit
this sort of damage - viz. BitTorrent etc. etc.

 >>In fact, solving such issues is an interesting challenge for end-to-end
 >>researchers!

Absolutely!

Only 355 days til SIGCOMM 2007 deadline:)

 cheers

   jon
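[Editor's note: the following is an added illustration of the point made above about finger tables keeping multiple next-neighbour entries. It is not code from the thread, nor from Chord, Pastry, Bamboo/OpenDHT or CAN; it is a toy Chord-style ring with constructed node and key names, 16-bit identifiers and a successor list of three entries, and it deliberately never runs any stabilisation, so a dead node stays in everyone's tables exactly as after an unannounced departure or a takedown.]

```python
"""Toy Chord-style overlay (constructed example): each node keeps several
next-neighbour entries, so losing scattered nodes does not break routing,
while losing all of one node's backups at once does."""
import hashlib

M = 16                  # identifier bits; small so the ring stays readable
RING = 1 << M
SUCC_LIST = 3           # successor entries each node keeps as backups


def chord_id(name: str) -> int:
    """Consistent hash: SHA-1 of the name, truncated to M bits."""
    return int(hashlib.sha1(name.encode()).hexdigest(), 16) % RING


def in_range(x: int, a: int, b: int) -> bool:
    """True when x lies in the clockwise ring interval (a, b]."""
    if a < b:
        return a < x <= b
    return x > a or x <= b          # interval wraps through zero


class Ring:
    def __init__(self, names):
        self.ids = sorted({chord_id(n) for n in names})
        self.alive = set(self.ids)
        # Routing state is built once from the full membership and is NOT
        # repaired when nodes die: this models un-announced departure (churn
        # or a DoS takedown) before any stabilisation has run.
        self.successors = {n: self._succ_list(n) for n in self.ids}
        self.fingers = {n: self._fingers(n) for n in self.ids}

    def _succ_of(self, x: int) -> int:
        """First node at or after x on the ring (original membership)."""
        return next((n for n in self.ids if n >= x), self.ids[0])

    def _succ_list(self, n: int):
        i = self.ids.index(n)
        return [self.ids[(i + k) % len(self.ids)] for k in range(1, SUCC_LIST + 1)]

    def _fingers(self, n: int):
        return [self._succ_of((n + (1 << i)) % RING) for i in range(M)]

    def kill(self, *nodes: int) -> None:
        """Take nodes out without telling anyone; they simply stop answering."""
        self.alive.difference_update(nodes)

    def responsible(self, key: str) -> int:
        """Ground truth: the live node that should currently own `key`."""
        kid = chord_id(key)
        live = sorted(self.alive)
        return next((n for n in live if n >= kid), live[0])

    def lookup(self, key: str, start=None, max_hops=64):
        """Greedy Chord routing over stale tables.
        Returns (owner, hops), or (None, hops) when routing dead-ends."""
        kid = chord_id(key)
        cur = min(self.alive) if start is None else start
        hops = 0
        while hops < max_hops:
            hops += 1
            if cur == kid:
                return cur, hops
            live_succ = [s for s in self.successors[cur] if s in self.alive]
            if not live_succ:           # every backup neighbour is gone
                return None, hops
            if in_range(kid, cur, live_succ[0]):
                return live_succ[0], hops
            # Closest preceding *live* finger; dead fingers are simply skipped,
            # and if none is usable we fall back to the first live successor.
            nxt = next((f for f in reversed(self.fingers[cur])
                        if f in self.alive and in_range(f, cur, kid)), None)
            cur = nxt if nxt is not None else live_succ[0]
        return None, hops


def scattered_loss() -> bool:
    """Kill every fourth node (scattered loss); every lookup still reaches
    the correct owner because no node loses all SUCC_LIST backups at once."""
    ring = Ring([f"node{i}" for i in range(40)])        # constructed membership
    ring.kill(*ring.ids[::4])
    keys = [f"key{i}" for i in range(200)]              # constructed keys
    return all(ring.lookup(k)[0] == ring.responsible(k) for k in keys)


def consecutive_loss():
    """Kill all SUCC_LIST successors of one node: routing from that node
    dead-ends immediately, which is the 'remove quite a few' case."""
    ring = Ring([f"node{i}" for i in range(40)])
    victim = ring.ids[5]
    ring.kill(*ring.successors[victim])
    key = next(k for k in (f"key{i}" for i in range(100)) if chord_id(k) != victim)
    return ring.lookup(key, start=victim)               # (None, 1)


if __name__ == "__main__":
    print("scattered loss, all lookups correct:", scattered_loss())
    print("consecutive loss from the predecessor:", consecutive_loss())
```

The two runs make the asymmetry concrete: with one in four nodes gone and nobody told, greedy routing still lands on the right owner for every key, because each node skips dead fingers and falls back to a live entry in its successor list; only when an attacker removes a node's entire successor list at once (SUCC_LIST adjacent nodes on the ring) does a lookup through that node fail, and a real deployment would also have stabilisation refilling those entries in the meantime.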


