On Tue, Jun 29, 2004 at 03:29:08PM -0700, Matthew Elvey wrote:
| Yeah, looks like they were mis-assigned, and no one noticed.
| Anyway, I'd suggest that the lively thread about DDoS attacks presents a
| situation that CSV handles well, and SPF doesn't handle as well.
| How poorly it is handled merits further discussion.
It seems to me the DDoS attacks we have reviewed so far
pretty much boil down to:
SECURITY CONSIDERATIONS

We take it as a given that malicious entities control
large distributed networks of 0wned machines, in the six
to eight figure range. These machines are compromised
workstation-grade machines that belong to ordinary
end-users on broadband connections. They are generally
referred to as zombies.

Malicious entities who have philosophical objections to a
given technology may attempt to dissuade people from
adopting that technology by mounting distributed
denial-of-service attacks on adopters.

The most elegant way to mount such an attack is to
contrive a scenario in which the technology itself plays a
part in the resulting denial of service. If the attack
does not affect those who do not adopt the technology, and
only hurts those who do adopt the technology, it gives
adopters incentive to abandon the technology. Such an
auto-targeting attack can be easily executed using zombie
networks.

Technologies which are more complex tend, in general, to
be more easily attacked in this way than technologies
which are simpler.

However, the elegant attack is not the only attack. A
malicious entity may identify adopters of a given
technology in an initial pass, and use the zombies against
those adopters directly. The connection between the
attack and the objective (discouraging the technology) can
be made when an attacker claims responsibility for the
attack.

Both the elegant and the brute-force attacks are feasible
against any open protocol. The only way to avoid these
attacks completely is to retreat to a "private club"
model, in which nodes do not communicate with other nodes
if they have not previously established a trust
relationship.

A midway position between total openness and a "private
club" involves the use of reputation services. If a
protocol endpoint tests new connections against a
reputation service before engaging more deeply in protocol
operation, attacks can be mitigated.
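One way to implement the "reputation check before deeper protocol operation" position described in the message above, as an added example that is not part of the original message and not code from CSV, SPF or any reputation service. The reputation data is a constructed in-memory table standing in for a DNS-queried service, the `Endpoint`, `reputation` and `simulate` names are hypothetical, and the expensive step is a stub that only counts how often it is reached. The example also goes one step beyond the text: peers the service has never heard of get a per-peer budget of expensive evaluations, because fresh zombies are exactly the sources a reputation service will not yet list.

```python
"""Reputation-gated endpoint: spend expensive protocol work (e.g. DNS-heavy
sender evaluation) only on peers a cheap reputation lookup lets through."""
import ipaddress
from collections import defaultdict

# Constructed reputation data (hypothetical ranges from RFC 5737 test space).
# A real service would be queried over DNS; this dict keeps the example offline.
CONSTRUCTED_REPUTATION = {
    "198.51.100.0/24": "bad",    # treated as a known zombie range
    "192.0.2.0/24":    "good",   # treated as a known good relay
}
_NETS = [(ipaddress.ip_network(cidr), verdict)
         for cidr, verdict in CONSTRUCTED_REPUTATION.items()]


def reputation(ip: str) -> str:
    """Cheap lookup returning 'bad', 'good' or 'unknown'. Must stay far
    cheaper than the step it protects, or it becomes the new attack surface."""
    addr = ipaddress.ip_address(ip)
    for net, verdict in _NETS:
        if addr in net:
            return verdict
    return "unknown"


class Endpoint:
    """Receiving endpoint that rejects bad-reputation peers before any
    expensive work and caps the expensive work an unknown peer can force."""

    def __init__(self, max_expensive_per_unknown: int = 3):
        self.max_per_unknown = max_expensive_per_unknown
        self.expensive_calls = 0             # total expensive evaluations run
        self.per_peer = defaultdict(int)     # expensive evaluations per unknown peer

    def expensive_evaluation(self, ip: str) -> bool:
        """Stand-in for the costly protocol step (hypothetical). It accepts
        everything; what matters here is how often it is reached."""
        self.expensive_calls += 1
        return True

    def accept_connection(self, ip: str) -> str:
        verdict = reputation(ip)
        if verdict == "bad":
            return "rejected-by-reputation"          # zero expensive work spent
        if verdict == "unknown":
            if self.per_peer[ip] >= self.max_per_unknown:
                return "deferred-budget-exhausted"   # bounded work per unknown peer
            self.per_peer[ip] += 1
        if self.expensive_evaluation(ip):
            return "accepted"
        return "rejected-by-evaluation"


def simulate(sources, connections_per_source=100):
    """Replay repeated connections from each source (constructed attack
    traffic) and report outcome counts plus expensive work actually done."""
    ep = Endpoint(max_expensive_per_unknown=3)
    outcomes = defaultdict(int)
    for ip in sources:
        for _ in range(connections_per_source):
            outcomes[ep.accept_connection(ip)] += 1
    return dict(outcomes), ep.expensive_calls


if __name__ == "__main__":
    # One listed zombie and one never-seen source, 100 connections each.
    print(simulate(["198.51.100.1", "203.0.113.9"]))
```

Two caveats a deployer should weigh: the gate only helps if the lookup is cheaper than the work it guards, and the reputation service itself becomes a dependency, so the endpoint needs a deliberate fail-open or fail-closed policy for the case where it cannot be reached.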