[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Next question...

To: Tony Li <Tony.Li@procket.com>
Subject: Re: Next question...
From: Eliot Lear <lear@cisco.com>
Date: Mon, 09 Dec 2002 11:21:05 -0800
Cc: Iljitsch van Beijnum <iljitsch@muada.com>, multi6@ops.ietf.org
In-reply-to: <D2EC481073504E498A8DB9C0687E8CAF04D22A07@EXCHANGE0-0.na.procket.com>
References: <D2EC481073504E498A8DB9C0687E8CAF04D22A07@EXCHANGE0-0.na.procket.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20021118

Tony Li wrote:

Assuming that the request is authenticated, what's the real issue? Yes, the host cannot know that it is impossible to satisfy the request, but all this is is a hint to try another alternative.

I DDOS attack the far end. The local end then sends an authenticated hint to the routing system. In fact, if I DDOS a popular host, I can get a lot of local ends to provide "hints" and thus indirectly DDOS the routing system. And then suppose the routing system believes the hint. Now I can stop my DDOS on the host and go hide.

OTOH, if a host wants to provide either quality or reachability information about itself, I'm okay with that so long as it's authenticated and we can find a way to sanely aggregate the information.

Eliot

References:
- RE: Next question...
  - From: "Tony Li" <Tony.Li@procket.com>

Prev by Date: RE: network controls are necessary
Next by Date: RE: network controls are necessary
Previous by thread: RE: Next question...
Next by thread: RE: Next question...
Index(es):
- Date
- Thread