[e2e] 100% NAT - a DoS proof internet
Jon Crowcroft
Jon.Crowcroft at cl.cam.ac.uk
Tue Feb 14 08:12:21 PST 2006
In missive <43F1FBF8.10409 at isi.edu>, Joe Touch typed:
>>Jon Crowcroft wrote:
>>> um, i think you need to re-read about DHTs and consistent hashes
>>What I was saying was that this variant won't work behind a NAT. I
>>mistook that from your initial post; I still consider it accurate, but
>>it may be off topic.
>>However....
>>This is basically just frequency allocation. Each algorithm would have
>>its preferred frequency; assuming that endpoints are sync'd, you 'meet'
>>on the same frequency as the other end you want to speak with.
yes, kind of!
>>Unfortunately, unless the algorithm or some mutual offset (aka 'key')
>>between the endpoints is predeployed, the attacker code will know (and
>>use) the same mechanism and with the same algorithm. I.e., it'll send a
>>DHTime request, get a meeting time, and send its attack that way.
right
>>Either this will slow down legitimate applications, or attackers will
>>just mimic legitimate applications and move on. Time-based attacks are
>>not uncommon - consider window attacks on TCP.
that is a good point!
cheers
jon
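
Added example, not part of the original thread: a sketch of Joe Touch's point that a time-based meeting channel only excludes outsiders when a key is predeployed between the endpoints. The slot length, channel count, peer name, key values and all function names are assumptions made for the illustration, not details of the scheme under discussion.

```python
import hashlib
import hmac

SLOT_SECONDS = 30  # assumed length of one meeting slot
CHANNELS = 1024    # assumed number of "frequencies" (ports, addresses, ...)

def _channel(digest: bytes) -> int:
    # Map a hash output onto one of the available channels.
    return int.from_bytes(digest[:4], "big") % CHANNELS

def public_channel(peer_id: str, now: float) -> int:
    # Unkeyed variant: the channel depends only on public inputs, so
    # anyone who runs the same algorithm computes the same meeting point.
    slot = int(now) // SLOT_SECONDS
    return _channel(hashlib.sha256(f"{peer_id}|{slot}".encode()).digest())

def keyed_channel(key: bytes, peer_id: str, now: float) -> int:
    # Keyed variant: the predeployed key acts as the mutual offset.
    slot = int(now) // SLOT_SECONDS
    msg = f"{peer_id}|{slot}".encode()
    return _channel(hmac.new(key, msg, hashlib.sha256).digest())

def hit_rate(target, guess, slots: int = 2000) -> float:
    # Fraction of slots in which the guesser lands on the target's channel.
    hits = sum(target(s * SLOT_SECONDS) == guess(s * SLOT_SECONDS)
               for s in range(slots))
    return hits / slots

PEER = "peer.example"                    # constructed peer identifier
SHARED_KEY = b"constructed-shared-key"   # constructed predeployed key
OUTSIDER_KEY = b"constructed-wrong-key"  # outsider does not hold SHARED_KEY

def unkeyed_rate() -> float:
    # Outsider mimics a legitimate application using the public algorithm.
    return hit_rate(lambda t: public_channel(PEER, t),
                    lambda t: public_channel(PEER, t))

def keyed_rate() -> float:
    # Outsider knows the algorithm but not the key: reduced to guessing,
    # about one hit per CHANNELS slots.
    return hit_rate(lambda t: keyed_channel(SHARED_KEY, PEER, t),
                    lambda t: keyed_channel(OUTSIDER_KEY, PEER, t))

if __name__ == "__main__":
    print("unkeyed outsider hit rate:", unkeyed_rate())
    print("keyed outsider hit rate:  ", keyed_rate())
```

The keyed variant still leaves a 1-in-CHANNELS chance per guess, so the channel space bounds the protection in the same way a sequence-number window does.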