[e2e] 100% NAT - a DoS proof internet

Angelos D. Keromytis angelos at cs.columbia.edu
Tue Feb 14 13:56:54 PST 2006


We have a tech report on the subject of DoS attacks inside a DHT:

http://www1.cs.columbia.edu/~library/TR-repository/reports/reports-2004/cucs-019-04.pdf

It's a little dated (and too math-heavy)... we have a paper currently
under submission that refines the idea in the tech report and also 
presents a Pushback-like defense...
Cheers,
-Angelos


Christian Huitema wrote:
>>Jon Crowcroft wrote:
>>
>>>Um, I think you need to re-read about DHTs and consistent hashes
>>
>>What I was saying was that this variant won't work behind a NAT. I
>>mistook that from your initial post; I still consider it accurate, but
>>it may be off topic.
> 
> 
> Protecting DHT against DOS attacks is indeed a big issue. Consider:
> 
> 1) The nodes participating in the DHT need an open communication port
> which is ipso facto a target for DOS attacks,
> 2) The nodes observing the DHT learn these ports, and also the addresses
> of many other nodes, enabling various forms of attack propagation,
> 3) The DHT application itself can be victim of DOS attacks, e.g. various
> forms of name injection, query overload, response spoofing.
> 
> In fact, solving such issues is an interesting challenge for end-to-end
> researchers!
> 
> -- Christian Huitema

