[e2e] 100% NAT - a DoS proof internet
Jon Crowcroft
Jon.Crowcroft at cl.cam.ac.uk
Mon Feb 13 05:46:39 PST 2006
In missive <3378EA87-1954-49F6-9CC8-8E91BD030650 at cisco.com>, Fred Baker typed:
>>Are you telling me that you think that devices that are behind NATs
>>don't get DOS'd?
not by address scanning worms, no...
>>I would prefer that you used the term "stateful firewall" as compared
>>to "NAT"; NATs aren't necessarily stateful, and stateful firewall
>>technology doesn't require network address translation to make it
>>work. If the mapping between an interior address and an exterior
>>address is predictable, the device behind can be DOS'd; the thing
>>that a stateful firewall does is make the attack a bit harder to
>>perpetrate.
sure - so what i was proposing was a rendezvous mechanism for src/dst pairs of nodes and their globally reachable address allocation - so it can't be DOS'd normally, as it ain't there, but temporally, and it ain't there for anyone other than for this pair (multicast, tbd:) spatially
i.e. ultra stateful (think of it as a VCI allocation mechanism with a capability:)
>>Let me give you a simplistic example. If I have a SIP Proxy in a NAT
>>system, so that SIP is made to traverse the firewall in a
>>straightforward manner, SIP can then be used as an attack vector to
>>the device it proxies for. That is but one.
yes, in today's internet, but not in what i propose
>>On Feb 13, 2006, at 6:49 AM, Jon Crowcroft wrote:
>>
>>> So there's three things here
>>>
>>> 1/ a mad idea for a DoS proof internet - This goes like this:
>>>
>>> What if 100% of hosts were behind a NAT (a bit like mark handley and
>>> adam greenhalgh's idea on a dos proof internet in fdna a while back,
>>> but taken to extreme, or also like default off paper in hotnets)
>>>
>>> So how would you ever reach someone (like most NAT traversal stuff is
>>> tricky - viz skype - see also below:)
>>>
>>> Meanwhile, here is how: Distributed Hashed Time.
>>>
>>> So we all know about DHTs - they hash an object to a node id, then use
>>> some p2p route to get to the node id (e.g. MIT's chord finger table
>>> etc etc).
>>>
>>> So if we want to talk to a set of known people, we hash their
>>> identifier (name) to TIME. We then send to each other at that agreed
>>> time - no-one else can send to us or from us to them, and the hash key
>>> can be a shared secret....
>>>
>>> there you go...the details should be simple (apart from how you
>>> provide sufficiently accurate synchronized time without a globally
>>> reachable address between the NTP servers, which, I admit, is
>>> probably a mite tricky - i guess you need to have them agree a set of
>>> rough times or something:)
>>>
>>> 2/ a pointer to something about a mad bad idea i had about control
>>> networks
>>> http://www.cl.cam.ac.uk/~jac22/press-release-backstory.htm
>>>
>>> 3/ a reminder of a workshop deadline - sorry:)
>>> (see website for more info on submissions)
>>>
>>> ------------------------------------------------------------------
>>> PAPER SUBMISSION DEADLINE HAS BEEN EXTENDED TO
>>> 26 FEBRUARY 2006
>>> ------------------------------------------------------------------
>>>
>>> CALL FOR PAPERS
>>>
>>> Second International Workshop on
>>> Multi-hop Ad hoc Networks: from theory to reality
>>> REALMAN 2006
>>> http://www.cl.cam.ac.uk/realman
>>>
>>>
>>> cheers
>>>
>>> jon
cheers
jon
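The "Distributed Hashed Time" rendezvous sketched in the quoted message, and the "ultra stateful" border device Jon describes in his reply, as an added worked example. This is editor-written code, not code from the thread or from any of the people in it, and it makes assumptions the message leaves open: the hash is HMAC-SHA256 keyed with the pair's shared secret, slots are one second wide, a period holds 3600 slots, and the gateway tolerates one slot of clock skew on either side (the synchronisation problem the message admits is the tricky part). It also illustrates Fred Baker's point in reverse: because the slot is derived under a secret the outsider does not hold, the mapping is not predictable to them, and an unknown src/dst pair has no window at all.

```python
import hashlib
import hmac

# Assumed parameters (not from the thread): one-second slots, 3600 slots per
# period, each (src, dst) pair is reachable in exactly one slot per period.
SLOT_SECONDS = 1
SLOTS_PER_PERIOD = 3600
PERIOD_SECONDS = SLOT_SECONDS * SLOTS_PER_PERIOD


def rendezvous_slot(shared_secret: bytes, src_id: str, dst_id: str, period: int) -> int:
    """Hash (src, dst, period) under the pair's shared secret to a slot index.

    This is the 'hash the identifier to TIME' step. The key is the shared
    secret, so a party without it cannot compute which slot the pair uses.
    """
    msg = f"{src_id}|{dst_id}|{period}".encode()
    digest = hmac.new(shared_secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % SLOTS_PER_PERIOD


def rendezvous_time(shared_secret: bytes, src_id: str, dst_id: str, now: int) -> int:
    """Absolute start (seconds) of the pair's slot in the period containing `now`."""
    period = now // PERIOD_SECONDS
    slot = rendezvous_slot(shared_secret, src_id, dst_id, period)
    return period * PERIOD_SECONDS + slot * SLOT_SECONDS


class RendezvousGateway:
    """Toy model of the 'ultra stateful' border device.

    Holds one shared secret per (src, dst) pair and forwards an inbound packet
    only if the pair is known and the packet arrives inside that pair's current
    slot, widened by `tolerance_slots` to absorb clock skew. Everything else is
    dropped: outside the window there is nothing reachable to flood.
    """

    def __init__(self, pair_secrets: dict, tolerance_slots: int = 1):
        self.pair_secrets = pair_secrets
        self.tolerance = tolerance_slots * SLOT_SECONDS

    def accept(self, src_id: str, dst_id: str, now: int) -> bool:
        secret = self.pair_secrets.get((src_id, dst_id))
        if secret is None:
            return False  # unknown pair: no rendezvous was ever agreed
        expected = rendezvous_time(secret, src_id, dst_id, now)
        return abs(now - expected) <= self.tolerance


def demo() -> dict:
    """Exercise the gateway with a constructed secret; return the decisions."""
    secrets = {("alice", "bob"): b"constructed-demo-secret"}  # constructed value
    gw = RendezvousGateway(secrets)
    t_ok = rendezvous_time(secrets[("alice", "bob")], "alice", "bob", now=0)
    # One slot of skew, kept inside period 0 so the slot does not change.
    t_skew = t_ok + 1 if t_ok < PERIOD_SECONDS - 1 else t_ok - 1
    # Half a period away, still inside period 0: well outside the window.
    t_off = (t_ok + PERIOD_SECONDS // 2) % PERIOD_SECONDS
    # How many seconds of period 0 are reachable at all (window of 3, clipped
    # to 2 if the slot sits at the period edge).
    reachable = sum(gw.accept("alice", "bob", t) for t in range(PERIOD_SECONDS))
    return {
        "slot_time": t_ok,
        "in_window": gw.accept("alice", "bob", t_ok),
        "skewed_by_one_slot": gw.accept("alice", "bob", t_skew),
        "off_window": gw.accept("alice", "bob", t_off),
        "unknown_pair": gw.accept("mallory", "bob", t_ok),
        "reachable_seconds_per_period": reachable,
    }


if __name__ == "__main__":
    print(demo())
```

The `reachable_seconds_per_period` figure is the practical content of the proposal: a known pair can be addressed for about three seconds in every hour, and only by someone holding the secret; for everyone else the gateway behaves as if the host were not there. The cost, visible in `tolerance_slots`, is that every second of clock disagreement you must absorb widens the window, which is exactly the NTP problem the message flags.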