[Ndn-interest] Largest DDoS attack ever delivered by botnet of hijacked IoT devices

Cesar Ghali cghali at uci.edu
Tue Sep 27 20:31:41 PDT 2016

This is an interesting topic and I'm sure Chris read Luca's message before
he responded. Exhausting link bandwidth or computing resource is a problem
in today's network, and, as far as I know, all proposed future Internet
architectures. Since the PIT is a new player here (this doesn't mean it is
the bad guy or the only bad guy) and it introduces a new problem that
didn't exist before, it might be helpful to take a step back and reassess
design decisions. Especially that proposed countermeasures do not solve the
problem and can be bypassed by smart adversaries.

On Tue, Sep 27, 2016 at 7:49 PM, Christos Papadopoulos <
christos at colostate.edu> wrote:

> On 09/27/2016 07:47 PM, christopherwood07 at gmail.com wrote:
>> On September 27, 2016 at 5:14:14 PM, Christos Papadopoulos
>> (christos at colostate.edu) wrote:
>>> On 09/27/2016 04:59 PM, woodc1 at uci.edu wrote:
>>>> To re-iterate Cesar’s point, as of now, there is no truly effective
>>>> interest flooding mitigation. However, one concrete way to minimize
>>>> the attack surface (for routers) is to get rid of the attack's root
>>>> cause: the PIT. (Producers could still be hosed with bogus interests.)
>>>> And since the PIT enables several important functions, other
>>>> architecture changes will probably have to follow in its wake.
>>> You start with what I believe to be the wrong premise: protecting the
>>> router. In NDN we care about communication, not a single router.
>>> Protecting a router is winning the battle but losing the war.
>> I respectfully disagree. If the adversary takes out the producer,
>> there is no communication. If the adversary takes out the routers
>> adjacent or otherwise on the path to the producer, there is no
>> communication. Protecting the router(s) is equally important,
>> especially since it may impact more than just a single producer.
> You are still thinking in IP terms. In NDN data follows demand; data
> diffuses in the network pulled by Interests over all available faces. If an
> attacker manages to attack all available paths to your content without
> attacking the entire infrastructure, then I claim you deployed a bad
> defense system.
>> I don't understand your statement that the root cause of DDoS attacks is
>>> the PIT. The root cause of DDoS is resource exhaustion.
>> In these attack scenarios, the PIT *is* the resource being exhausted.
> Then you are looking at a subset of DDoS attacks. There are others that
> exhaust link bandwidth or compute resources. Why is the PIT the only bad
> guy here?

>> Personally, I don’t think we should settle with an architectural
>>>> element that has a known (and quite severe) weakness simply because it
>>>> enables some nice features in practice. The more serious design
>>>> problems must be dealt with first, not last.
>>> You are underestimating the importance of the signal the PIT provides.
>>> It is an important insight into the status of communication. The PIT
>>> does not simply enable some "nice features". Think a bit harder about
>>> the things you can do with this signal.
>> In most attack scenarios, yes, it tells you when bogus interests are
>> flooding a particular prefix and otherwise when communication is
>> failing. But consider this scenario. Suppose you have a malicious
>> producer cooperating with one or more malicious consumers. The
>> consumers are quickly sending interests to this legitimate producer,
>> who responds with legitimate data. The communication is not failing.
>> Their goal is to do nothing other than saturate the PIT of some
>> intermediate router. Per Spyros’ follow-up suggestion, that router
>> might kick out old, legitimate interests in favor of these malicious
>> ones. Of course, this is fundamentally how we would expect one to deal
>> with and manage a limited resource. So preventing this attack seems
>> difficult for any approach. But the point is that this resource, the
>> PIT, is easily abused in CCN/NDN.
> I am not sure where you are going here. All public resources can be
> abused. The question is how do you build a good resource management system
> to detect and mitigate resource abuse. Luca put it nicely, i suggest you
> read his message.
> Christos.
>> Chris
> _______________________________________________
> Ndn-interest mailing list
> Ndn-interest at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/ndn-interest/attachments/20160927/23c17d16/attachment.html>

More information about the Ndn-interest mailing list