[e2e] 100% NAT - a DoS proof internet

Joe Touch touch at ISI.EDU
Wed Feb 15 17:02:06 PST 2006

Jon Crowcroft wrote:
> In missive <DAC3FCB50E31C54987CD10797DA511BA137D27DB at WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>, "Christian Huitema" typed:
> 
>  >>> Jon Crowcroft wrote:
>  >>> > um, i think you need to re-read about DHTs and consistent hashes
>  >>> 
>  >>> What I was saying was that this variant won't work behind a NAT. I
>  >>> mistook that from your initial post; I still consider it accurate, but
>  >>> it may be off topic.
> 
>  >>Protecting DHT against DOS attacks is indeed a big issue. Consider:
> 
> This is now orthogonal to what I was proposing, but is a good topic to
> discuss for sure...
> 
> The issue of defending consistent-hash-based overlay routes has received quite
> a lot of attention from folks like the MSR Pastry group
> and Bamboo/OpenDHT and Chord and others... and CAN has some tricks too
> 
> The whole point of P2P is that it's load balanced and hard to DDoS, as
> you have to attack multiple points rather than just one or a few
> servers, but you can try to attack the routing system

You can attack it by looking up the same thing from everywhere; at some
point, those messages will fan-in. I.e., a conventional DDoS attack maps
just fine to a P2P.

The only thing that saves your network is alternate path routing; P2Ps
have this only to the extent that it's added. It's not a 'natural'
property of a P2P network any more than it is of a conventional routing
system, and the additions are very similar, and similarly orthogonal to
the architecture.

As to saving a node, you can replicate its contents, which again will
help both systems; a conventional system uses DNS randomization or
server farm tricks (L4 multipath) to distribute the load; a P2P, which
runs at the app layer anyway, does this at the P2P layer - but again, it
has to be added.

I.e., there's no free ride here for DDOS.

> Basically finger table or prefix schemes keep _multiple_ next
> neighbour entries - you have to do this in any P2P system because of
> churn (nodes leave/turned off un-announced) - actually whether
> unstructured or structured; so if you take out a node, you don't break
> the P2P system at all - in fact you need to remove quite a few (I
> think both Chord and CAN have been fairly extensively analysed from
> this point).
> 
>  >>1) The nodes participating in the DHT need an open communication port
>  >>which is ipso facto a target for DOS attacks,
> see above - you can take out a node, but not the net, easily - plus
> content can be replicated (and was - way back in the eternity system
> for example)

That's true for existing routing too - DDOS takes out the node, not the
net, unless the routing doesn't have diversity.

FWIW ;-)

Joe
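The fan-in and replication points above, as an added illustration that is not part of the original thread: a constructed Chord-style consistent-hash ring in which many requesters look up the same key. With a single owner per key every lookup lands on one node; with k replicas (assumed here to be the k clockwise successors, with each requester hashed onto one replica) the same lookups spread over k nodes. Node and requester names are constructed; the replica-selection rule is a modelling assumption, not Chord's specification.

```python
import hashlib
from bisect import bisect_right
from collections import Counter


def ring_id(label: str, bits: int = 32) -> int:
    """Consistent-hash position on a 2**bits identifier ring (SHA-1, truncated)."""
    return int.from_bytes(hashlib.sha1(label.encode()).digest(), "big") % (1 << bits)


class ChordRing:
    """Minimal Chord-style ring: a key is owned by its first clockwise successor node."""

    def __init__(self, node_names):
        self.nodes = sorted(ring_id(n) for n in node_names)

    def successor(self, key_id: int, offset: int = 0) -> int:
        """Owner of key_id; offset > 0 walks to later successors (replica holders)."""
        i = bisect_right(self.nodes, key_id)
        return self.nodes[(i + offset) % len(self.nodes)]

    def lookup_load(self, queries, replicas: int = 1) -> Counter:
        """Count lookups served per node. With replicas=1 all lookups for one key
        fan in on its owner; with k replicas each requester is hashed onto one of
        the k successors (assumed replica-selection rule), spreading the load."""
        load = Counter()
        for requester, key in queries:
            choice = ring_id(requester) % replicas if replicas > 1 else 0
            load[self.successor(ring_id(key), choice)] += 1
        return load


def fan_in_demo(n_nodes: int = 64, n_requesters: int = 1000, replicas: int = 1):
    """Constructed scenario: n_requesters all look up the same popular key.
    Returns (peak load on the busiest node, number of nodes that served lookups)."""
    ring = ChordRing(f"node-{i}" for i in range(n_nodes))  # constructed node names
    queries = [(f"req-{j}", "popular-key") for j in range(n_requesters)]
    load = ring.lookup_load(queries, replicas)
    return max(load.values()), len(load)


if __name__ == "__main__":
    print(fan_in_demo())            # single owner: all 1000 lookups hit one node
    print(fan_in_demo(replicas=4))  # 4 replicas: load spread over 4 nodes
```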