[e2e] new network architecture idea -

[Jon Crowcroft]

In missive <70C6EFCDFC8AAD418EF7063CD132D064BA06A3 at WIN-MSG-21.wingroup.windeploy.ntdev.microsoft.com>, "Christian Huitema" typed:

 >>Well, you trade DDOS for the sibyl attack. The problem is that in most
 >>P2P systems there is little "barrier to entry". Each zombie can manifest
 >>itself as multiple nodes, virtual nodes if you want. They can
 >>potentially have enough virtual nodes to represent 1/3rd of the
 >>population. If you don't believe that's possible, consider that 70% of
 >>e-mail is spam...

in my conjectured architecture, most nodes collaborate to elimiate sybils by witnessing the source
and attesting to its uniqueness and authenticity - since there's no _destination_, the spammer 
(if your application is unsolicted content)
is shouting in a vacuum
 >>
 >>> swarming systems also have a variety of mechanisms built into the
 >>swarm
 >>> analogy
 >>> of a "routing" substrate, that match incentives for download/receiver,
 >>> versus forwarding
 >>> which make it hard for a zombie farm to dent the system unless there
 >>are
 >>> a significant fraction of nodes subverted (significant being >33% or
 >>50%
 >>> typically depending on the algorithm) - frankily,m a system with 1/3
 >>or
 >>> more nodes subverted is
 >>> so badly infiltrated that I have no idea what the bad guys are still
 >>after
 >>> in it:)
 >>>=20
 >>> the other thing with swarms is that not only is hard to overload the
 >>swarm
 >>> (as it isn't a _point_ service)
 >>> but its also hard to do topological attacks
 >>>=20
 >>> packet swarming - an idea whose time has comefrom...
 >>>=20
 >>> In missive <70C6EFCDFC8AAD418EF7063CD132D064BA0671 at WIN-MSG-
 >>> 21.wingroup.windeploy.ntdev.microsoft.com>, "Christian Huitema" typed:
 >>>=20
 >>>  >>> When things go wrong (black holes, DDoS, ..., even spam and the
 >>>  >>> blogosphere) is when activities are "sender driven" without
 >>regard
 >>> for
 >>>  >>> the wishes or needs of the receivers.
 >>>  >>
 >>>  >>You can definitely accomplish a receiver driven DDOS. Assume a
 >>large
 >>>  >>band of zombies, and instruct them to all receive a large set of
 >>large
 >>>  >>pages from the target server. Pretty soon, the server's sending
 >>> capacity
 >>>  >>will be saturated. Voila, receiver driven DDOS.
 >>>  >>
 >>>  >>In Jon's proposal, the principle that prevent's DOS is swarming.
 >>>  >>Swarming allows the data to be served from any valid copy, not just
 >>the
 >>>  >>initial publisher. In my example, if swarming worked, each zombie
 >>will
 >>>  >>become a potential surrogate for the server, and the server's
 >>resource
 >>>  >>would remain available. I suspect however that the zombies may try
 >>to
 >>>  >>not fully cooperate with the swarming...
 >>>  >>
 >>>  >>-- Christian Huitema
 >>>=20
 >>>  cheers
 >>>=20
 >>>    jon
 >>>=20
 >>

 cheers

   jon