[e2e] new network architecture idea -
Jon.Crowcroft at cl.cam.ac.uk
Mon May 22 01:32:06 PDT 2006
In missive <70C6EFCDFC8AAD418EF7063CD132D064BA06A3 at WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com>, "Christian Huitema" typed:
>>Well, you trade DDOS for the sibyl attack. The problem is that in most
>>P2P systems there is little "barrier to entry". Each zombie can manifest
>>itself as multiple nodes, virtual nodes if you want. They can
>>potentially have enough virtual nodes to represent 1/3rd of the
>>population. If you don't believe that's possible, consider that 70% of
>>e-mail is spam...
in my conjectured architecture, most nodes collaborate to elimiate sybils by witnessing the source
and attesting to its uniqueness and authenticity - since there's no _destination_, the spammer
(if your application is unsolicted content)
is shouting in a vacuum
>>> swarming systems also have a variety of mechanisms built into the
>>> of a "routing" substrate, that match incentives for download/receiver,
>>> versus forwarding
>>> which make it hard for a zombie farm to dent the system unless there
>>> a significant fraction of nodes subverted (significant being >33% or
>>> typically depending on the algorithm) - frankily,m a system with 1/3
>>> more nodes subverted is
>>> so badly infiltrated that I have no idea what the bad guys are still
>>> in it:)
>>> the other thing with swarms is that not only is hard to overload the
>>> (as it isn't a _point_ service)
>>> but its also hard to do topological attacks
>>> packet swarming - an idea whose time has comefrom...
>>> In missive <70C6EFCDFC8AAD418EF7063CD132D064BA0671 at WIN-MSG-
>>> 21.wingroup.windeploy.ntdev.microsoft.com>, "Christian Huitema" typed:
>>> >>> When things go wrong (black holes, DDoS, ..., even spam and the
>>> >>> blogosphere) is when activities are "sender driven" without
>>> >>> the wishes or needs of the receivers.
>>> >>You can definitely accomplish a receiver driven DDOS. Assume a
>>> >>band of zombies, and instruct them to all receive a large set of
>>> >>pages from the target server. Pretty soon, the server's sending
>>> >>will be saturated. Voila, receiver driven DDOS.
>>> >>In Jon's proposal, the principle that prevent's DOS is swarming.
>>> >>Swarming allows the data to be served from any valid copy, not just
>>> >>initial publisher. In my example, if swarming worked, each zombie
>>> >>become a potential surrogate for the server, and the server's
>>> >>would remain available. I suspect however that the zombies may try
>>> >>not fully cooperate with the swarming...
>>> >>-- Christian Huitema
More information about the end2end-interest