[Ndn-interest] Largest DDoS attack ever delivered by botnet of hijacked IoT devices
Christos Papadopoulos
christos at colostate.edu
Tue Sep 27 20:59:10 PDT 2016
Hi Cesar,
If the PIT were to be added to IP then I would agree with what you say
below. But this is NDN. You cannot just pick on the PIT ignoring the
rest of the architecture.
Christos.
On 09/27/2016 09:31 PM, Cesar Ghali wrote:
> This is an interesting topic and I'm sure Chris read Luca's message
> before he responded. Exhausting link bandwidth or computing resources
> is a problem in today's network and, as far as I know, in all proposed
> future Internet architectures. Since the PIT is a new player here
> (this doesn't mean it is the bad guy or the only bad guy) and it
> introduces a new problem that didn't exist before, it might be helpful
> to take a step back and reassess design decisions, especially since
> proposed countermeasures do not solve the problem and can be bypassed
> by smart adversaries.
>
> On Tue, Sep 27, 2016 at 7:49 PM, Christos Papadopoulos
> <christos at colostate.edu> wrote:
>
> > On 09/27/2016 07:47 PM, christopherwood07 at gmail.com wrote:
> >
> > > On September 27, 2016 at 5:14:14 PM, Christos Papadopoulos
> > > (christos at colostate.edu) wrote:
> > >
> > > > On 09/27/2016 04:59 PM, woodc1 at uci.edu wrote:
> > > >
> > > > > To re-iterate Cesar’s point, as of now, there is no truly
> > > > > effective interest flooding mitigation. However, one concrete
> > > > > way to minimize the attack surface (for routers) is to get rid
> > > > > of the attack's root cause: the PIT. (Producers could still be
> > > > > hosed with bogus interests.) And since the PIT enables several
> > > > > important functions, other architecture changes will probably
> > > > > have to follow in its wake.
> > > >
> > > > You start with what I believe to be the wrong premise: protecting
> > > > the router. In NDN we care about communication, not a single
> > > > router. Protecting a router is winning the battle but losing the
> > > > war.
> > >
> > > I respectfully disagree. If the adversary takes out the producer,
> > > there is no communication. If the adversary takes out the routers
> > > adjacent or otherwise on the path to the producer, there is no
> > > communication. Protecting the router(s) is equally important,
> > > especially since it may impact more than just a single producer.
> >
> > You are still thinking in IP terms. In NDN data follows demand;
> > data diffuses in the network pulled by Interests over all
> > available faces. If an attacker manages to attack all available
> > paths to your content without attacking the entire infrastructure,
> > then I claim you deployed a bad defense system.
> >
> > > > I don't understand your statement that the root cause of DDoS
> > > > attacks is the PIT. The root cause of DDoS is resource
> > > > exhaustion.
> > >
> > > In these attack scenarios, the PIT *is* the resource being
> > > exhausted.
> >
> > Then you are looking at a subset of DDoS attacks. There are others
> > that exhaust link bandwidth or compute resources. Why is the PIT
> > the only bad guy here?
> >
> > > > > Personally, I don’t think we should settle with an architectural
> > > > > element that has a known (and quite severe) weakness simply
> > > > > because it enables some nice features in practice. The more
> > > > > serious design problems must be dealt with first, not last.
> > > >
> > > > You are underestimating the importance of the signal the PIT
> > > > provides. It is an important insight into the status of
> > > > communication. The PIT does not simply enable some "nice
> > > > features". Think a bit harder about the things you can do with
> > > > this signal.
> > >
> > > In most attack scenarios, yes, it tells you when bogus interests
> > > are flooding a particular prefix and otherwise when communication
> > > is failing. But consider this scenario. Suppose you have a
> > > malicious producer cooperating with one or more malicious
> > > consumers. The consumers are quickly sending interests to this
> > > legitimate producer, who responds with legitimate data. The
> > > communication is not failing. Their goal is to do nothing other
> > > than saturate the PIT of some intermediate router. Per Spyros’
> > > follow-up suggestion, that router might kick out old, legitimate
> > > interests in favor of these malicious ones. Of course, this is
> > > fundamentally how we would expect one to deal with and manage a
> > > limited resource. So preventing this attack seems difficult for
> > > any approach. But the point is that this resource, the PIT, is
> > > easily abused in CCN/NDN.
> >
> > I am not sure where you are going here. All public resources can
> > be abused. The question is how do you build a good resource
> > management system to detect and mitigate resource abuse. Luca put
> > it nicely; I suggest you read his message.
> >
> > Christos.
> >
> > > Chris
> >
> > _______________________________________________
> > Ndn-interest mailing list
> > Ndn-interest at lists.cs.ucla.edu
> > http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest
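The two PIT situations argued over in this thread (bogus interests that nobody answers versus a cooperating malicious producer that does answer) can be made concrete with a small simulation. The code below is an added illustration written for this archive page; it is not NDN or NFD code and comes from none of the people on the thread. Everything in it is constructed: the 50-slot PIT, the oldest-first eviction policy (the behaviour Chris attributes to Spyros' suggestion), the /good and /evil prefixes, the per-round traffic rates and producer delays, the 4-round interest lifetime, and the "occupancy share" metric offered as an assumed second signal next to the per-prefix satisfaction ratio the thread discusses.

```python
"""Toy Pending Interest Table (PIT) model for the scenarios in the thread.

Added illustration, not NDN/NFD code. PIT size, eviction policy, prefix
names, traffic rates, producer delays and the occupancy-share signal are
all constructed here; real forwarders size and manage the PIT differently.
"""
from collections import OrderedDict, defaultdict


class PIT:
    """Fixed-capacity PIT that evicts the oldest pending interest when full
    and keeps per-prefix counters a router could watch as a signal."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = OrderedDict()   # name -> (prefix, arrival_round); oldest first
        self.stats = defaultdict(lambda: {"sent": 0, "satisfied": 0,
                                          "timed_out": 0, "evicted": 0})

    def insert(self, name, prefix, now):
        """Record a pending interest; returns the name evicted to make room, or None."""
        evicted = None
        if len(self.entries) >= self.capacity:
            evicted, (old_prefix, _) = self.entries.popitem(last=False)
            self.stats[old_prefix]["evicted"] += 1
        self.entries[name] = (prefix, now)
        self.stats[prefix]["sent"] += 1
        return evicted

    def satisfy(self, name):
        """Matching Data arrived: consume the entry. Data for an entry that was
        already evicted has nothing to match and is simply dropped."""
        entry = self.entries.pop(name, None)
        if entry is None:
            return False
        self.stats[entry[0]]["satisfied"] += 1
        return True

    def expire(self, now, lifetime):
        """Drop entries older than the interest lifetime; count them as timeouts."""
        stale = [n for n, (_, t) in self.entries.items() if now - t > lifetime]
        for name in stale:
            prefix, _ = self.entries.pop(name)
            self.stats[prefix]["timed_out"] += 1
        return len(stale)

    def satisfaction_ratio(self, prefix):
        """Fraction of resolved interests under prefix that were answered with
        Data: the 'is communication failing?' signal the thread discusses."""
        s = self.stats[prefix]
        resolved = s["satisfied"] + s["timed_out"] + s["evicted"]
        return s["satisfied"] / resolved if resolved else None

    def occupancy_share(self, prefix):
        """Fraction of PIT slots currently held by one prefix (assumed extra signal)."""
        held = sum(1 for p, _ in self.entries.values() if p == prefix)
        return held / self.capacity


def run_scenario(producer_cooperates, evil_rate, capacity=50, rounds=20):
    """Constructed traffic mix. Each round a legitimate consumer sends 2 interests
    under /good that a distant producer answers 3 rounds later, and an attacker
    sends evil_rate interests under /evil. If producer_cooperates, a nearby
    malicious producer answers them 2 rounds later (Chris's scenario); otherwise
    they are bogus and nothing ever answers them."""
    pit = PIT(capacity)
    deliveries = defaultdict(list)   # round -> names whose Data arrives then
    for t in range(rounds):
        for name in deliveries.pop(t, []):   # 1. Data for earlier interests arrives
            pit.satisfy(name)
        pit.expire(now=t, lifetime=4)        # 2. unanswered interests time out
        for i in range(2):                   # 3. this round's new interests
            name = f"/good/{t}/{i}"
            pit.insert(name, "/good", now=t)
            deliveries[t + 3].append(name)
        for i in range(evil_rate):
            name = f"/evil/{t}/{i}"
            pit.insert(name, "/evil", now=t)
            if producer_cooperates:
                deliveries[t + 2].append(name)
    return {
        "evil_satisfaction": pit.satisfaction_ratio("/evil"),
        "good_satisfaction": pit.satisfaction_ratio("/good"),
        "good_evicted": pit.stats["/good"]["evicted"],
        "evil_occupancy": pit.occupancy_share("/evil"),
    }


if __name__ == "__main__":
    print("bogus flood, 8/round:  ", run_scenario(False, 8))
    print("bogus flood, 24/round: ", run_scenario(False, 24))
    print("cooperating, 24/round: ", run_scenario(True, 24))
```

Under a bogus flood the satisfaction ratio for /evil collapses to zero (through timeouts at the low rate, through evictions once the table overflows at the high rate), which is the signal Christos points to. With a cooperating producer at the same high rate, /evil resolves every one of its interests with a ratio of 1.0 while every /good entry is evicted before its Data can arrive: the signal stays quiet on the attacker's prefix and only the starved victim prefix and /evil's share of the table give anything away, which is the weakness Chris describes.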