[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Next question...

To: "Eliot Lear" <lear@cisco.com>
Subject: RE: Next question...
From: "Tony Li" <Tony.Li@procket.com>
Date: Mon, 9 Dec 2002 13:35:26 -0800
Cc: "Iljitsch van Beijnum" <iljitsch@muada.com>,<multi6@ops.ietf.org>


|   I DDOS attack the far end.  The local end then sends an 
|   authenticated 
|   hint to the routing system.  In fact, if I DDOS a popular 
|   host, I can 
|   get a lot of local ends to provide "hints" and thus 
|   indirectly DDOS the 
|   routing system.  And then suppose the routing system 
|   believes the hint. 
|     Now I can stop my DDOS on the host and go hide.


The hint is only going as far as your SBR, because that's the system
that is responsible for locator selection for your outbound packets.
This would only be a small DDOS against your own SBR.
   

|   OTOH, if a host wants to provide either quality or reachability 
|   information about itself, I'm okay with that so long as it's 
|   authenticated and we can find a way to sanely aggregate the 
|   information.


In its full generality, this will be hard.  It's difficult to create
an abstraction from random, unrelated items.

Tony

Follow-Ups:
- Re: Next question...
  - From: Eliot Lear <lear@cisco.com>

Prev by Date: Re: network controls are necessary
Next by Date: RE: network controls are necessary
Previous by thread: Re: Next question...
Next by thread: Re: Next question...
Index(es):
- Date
- Thread