ietf-mxcomp

DDOS attacks

2004-06-29 15:52:56

On Tue, Jun 29, 2004 at 03:29:08PM -0700, Matthew Elvey wrote:
| Yeah, looks like they were mis-assigned, and no one noticed.
| Anyway, I'd suggest that the lively thread about DDoS attacks presents a 
| situation that CSV handles well, and SPF doesn't handle as well.
| How poorly it is handled merits further discussion.

It seems to me the DDOS attacks we have reviewed so far
pretty much boil down to:

SECURITY CONSIDERATIONS

  We take it as a given that malicious entities control
  large distributed networks of 0wned machines, in the six
  to eight figure range.  These machines are compromised
  workstation-grade machines that belong to ordinary
  end-users on broadband connections.  They are generally
  referred to as zombies.

  Malicious entities who have philosophical objections to a
  given technology may attempt to dissuade people from
  adopting that technology by mounting distributed
  denial-of-service attacks on adopters.

  The most elegant way to mount such an attack is to
  contrive a scenario in which the technology itself plays a
  part in the resulting denial of service.  If the attack
  does not affect those who do not adopt the technology, and
  only hurts those who do adopt the technology, it gives
  adopters incentive to abandon the technology.  Such an
  auto-targeting attack can be easily executed using zombie
  networks.

  Technologies which are more complex tend, in general, to
  be more easily attacked in this way than technologies
  which are simpler.

  However, the elegant attack is not the only attack.  A
  malicious entity may identify adopters of a given
  technology in an initial pass, and use the zombies against
  those adopters directly.  The connection between the
  attack and the objective (discouraging the technology) can
  be made when an attacker claims responsibility for the
  attack.

  Both the elegant and the brute-force attacks are feasible
  against any open protocol.  The only way to avoid these
  attacks completely is to retreat to a "private club"
  model, in which nodes do not communicate with other nodes
  if they have not previously established a trust
  relationship.

  A midway position between total openness and a "private
  club" involves the use of reputation services.  If a
  protocol endpoint tests new connections against a
  reputation service before engaging more deeply in protocol
  operation, attacks can be mitigated.
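As an added illustration of the trade-off the last two paragraphs describe (example code, not from the original message or from any CSV or SPF implementation), this Python toy compares the work a receiving endpoint spends under the three postures when a zombie network floods it. The per-step costs, the size of the flood and the share of zombies the reputation service already knows are all assumptions.

```python
# Added example (not from the thread): a toy cost model comparing the three
# postures discussed above: fully open, "private club", reputation-gated.

CHEAP_CHECK = 1   # assumed cost of asking a reputation service about a peer
DEEP_COST = 50    # assumed cost of "engaging more deeply in protocol operation"

class Endpoint:
    """A protocol endpoint that decides how far to engage with a new peer."""
    def __init__(self, policy, trusted=(), reputation=None):
        self.policy = policy                # "open", "private_club", "reputation"
        self.trusted = set(trusted)         # private-club members
        self.reputation = reputation or {}  # hypothetical reputation service
        self.cache = {}                     # verdicts already fetched
        self.work = 0                       # total work units spent
        self.served = 0                     # legitimate sessions completed

    def accept(self, peer, legitimate):
        """Return True if the endpoint engaged fully with `peer`."""
        if self.policy == "private_club" and peer not in self.trusted:
            return False                    # rejected at zero cost
        if self.policy == "reputation":
            verdict = self.cache.get(peer)
            if verdict is None:             # ask the service once per peer
                self.work += CHEAP_CHECK
                verdict = self.reputation.get(peer, "unknown")
                self.cache[peer] = verdict
            if verdict == "bad":
                return False
        self.work += DEEP_COST              # the expensive step an attacker targets
        if legitimate:
            self.served += 1
        return True

def simulate(policy, zombies=1000, attempts=5, legit=20, flagged=0.9):
    """Flood an endpoint with retrying zombies while real peers keep connecting.
    `flagged` is the assumed share of zombies the service already calls "bad".
    Returns (work spent, legitimate sessions served)."""
    good = [f"good-{i}" for i in range(legit)]        # constructed peer names
    bad = [f"zombie-{i}" for i in range(zombies)]
    reputation = {p: "good" for p in good}
    reputation.update({p: "bad" for p in bad[:int(zombies * flagged)]})
    ep = Endpoint(policy, trusted=good, reputation=reputation)
    for _ in range(attempts):
        for p in bad:
            ep.accept(p, legitimate=False)
        for p in good:
            ep.accept(p, legitimate=True)
    return ep.work, ep.served
```

Calling `simulate()` for each policy shows the open endpoint paying full price for every zombie attempt, the private club paying nothing for zombies but also admitting no newcomer, and the reputation gate paying the cheap check once per peer and the full price only for zombies the service has not yet seen.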