[Ndn-interest] Largest DDoS attack ever delivered by botnet of hijacked IoT devices

woodc1 at uci.edu woodc1 at uci.edu
Tue Sep 27 15:59:56 PDT 2016


On September 27, 2016 at 3:23:14 PM, Lixia Zhang (lixia at cs.ucla.edu) wrote:
>
> > On Sep 27, 2016, at 1:49 PM, Cesar Ghali wrote:
> >
> > The PIT may very well serve a useful purpose in NDN/CCN. However, it creates well-known
> > security problems (interest flooding is trivial) and it’s highly doubtful that a deterministic
> > solution is possible.
>
> The discussion below is on how to effectively mitigate Interest flooding.
> By removing PIT, one also removes a number of important functions enabled by PIT.

To reiterate Cesar’s point, as of now, there is no truly effective
interest flooding mitigation. However, one concrete way to minimize
the attack surface (for routers) is to get rid of the attack's root
cause: the PIT. (Producers could still be hosed with bogus interests.)
And since the PIT enables several important functions, other
architecture changes will probably have to follow in its wake.

Personally, I don’t think we should settle for an architectural
element that has a known (and quite severe) weakness simply because it
enables some nice features in practice. The more serious design
problems must be dealt with first, not last.

Chris



