[e2e] 100% NAT - a DoS proof internet

Christian Huitema huitema at windows.microsoft.com
Tue Feb 14 12:37:23 PST 2006


> Jon Crowcroft wrote:
> > um, i think you need to re-read about DHTs and consistent hashes
> 
> What I was saying was that this variant won't work behind a NAT. I
> mistook that from your initial post; I still consider it accurate, but
> it may be off topic.

Protecting DHTs against DoS attacks is indeed a big issue. Consider:

1) The nodes participating in the DHT need an open communication port,
which is ipso facto a target for DoS attacks,
2) The nodes observing the DHT learn these ports, and also the addresses
of many other nodes, enabling various forms of attack propagation,
3) The DHT application itself can be a victim of DoS attacks, e.g. various
forms of name injection, query overload, response spoofing.

In fact, solving such issues is an interesting challenge for end-to-end
researchers!

-- Christian Huitema

