
Re: resistance to swamping attacks.



> Bill Sommerfeld wrote:
> > Here's a more specific goal:
> > If a system has a normal communications bandwidth of X, and receives
> > an incoming storm from forged source addresses with a bandwidth of Y
> > (less than X), it should be able to continue to use at least half of
> > the remaining bandwidth (X-Y) constructively to communicate with
> > arbitrary legitimate peers, including peers which had never before
> > communicated with it.
> 
> One issue here is probably that if a real packet storm occurs, the links to
> the attacked host become saturated, and no communication whatsoever can
> occur. Or at least: The bandwidth for legitimate users sinks drastically
> towards 0. No protocol can fix this, if the routers do not help you.
> 
> Assuming that only the end system is saturated, and the link would be able
> to carry more data, then perhaps two goals should be formulated:
> 
> a) An endsystem which is flooded by a storm of connection establishment
>    requests should try to distinguish 'real' connection requests (well, you
>    could build a list of 'preferred hosts', e.g. hosts you had a connection
>    (or SA) lately, and handle these with a preferred ratio. If this is not
>    possible or practical, at least all requests should have the same chance
>    to succeed. And no, this would not be a very nice perspective. (X-Y)/2
>    would not work here, as you do not a priori know who is legitimate, and
>    who not. 
> b) Existing connections (or SAs) should be given priority of use for CPU
>    power and available bandwidth. They should not suffer at all from somebody
>    trying to establish (or forge the establishment) of a new connection. [Is
>    this wise?]

These are what we came up with here. A more concise description 
we came up with is:

	a) All resources are FIRST allocated to existing
	   connections.

	b) Remaining resources are allocated 'fairly' on
	   a per-connection-attempt basis.

	c) Connections not fully established have a finite
	   resource limit, BOTH individually and as an 
	   aggregate class.

I think these are necessary and sufficient.

Joe


----------------------------------------------------------------------
Joe Touch - touch@isi.edu		    http://www.isi.edu/~touch/
ISI / Project Leader, ATOMIC-2, LSAM       http://www.isi.edu/atomic2/
USC / Research Assistant Prof.                http://www.isi.edu/lsam/
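
The three rules (a) to (c) in the message above, sketched as a per-round resource allocator. This is an added example, not code from the message or its author; the abstract resource units, the two cap parameters and the `allocate` function are assumptions made for illustration.

```python
def allocate(capacity, per_attempt_cap, pending_class_cap, established, pending):
    """Grant resource units for one scheduling round (hypothetical model).

    established / pending map an id -> units requested this round.
    Pending ids identify connection *attempts*, not source addresses,
    because the source address of an unestablished attempt may be forged.
    """
    grants = {}
    remaining = capacity

    # Rule (a): existing connections are served first, in full if possible.
    for cid, want in established.items():
        give = min(want, remaining)
        grants[cid] = give
        remaining -= give

    # Rule (c), aggregate limit: the whole not-yet-established class
    # can never take more than pending_class_cap of what is left.
    budget = min(remaining, pending_class_cap)

    # Rule (c), individual limit: clamp each attempt's demand.
    unmet = {aid: min(want, per_attempt_cap) for aid, want in pending.items()}
    for aid in unmet:
        grants[aid] = 0

    # Rule (b): split the budget equally per attempt; units an attempt
    # does not need are redistributed among the others (max-min fairness).
    while unmet and budget >= len(unmet):
        share = budget // len(unmet)
        for aid in list(unmet):
            give = min(share, unmet[aid])
            grants[aid] += give
            budget -= give
            unmet[aid] -= give
            if unmet[aid] == 0:
                del unmet[aid]
    return grants


if __name__ == "__main__":
    # Constructed sample: two established connections, nine forged
    # attempts asking for far more than the cap, one legitimate newcomer.
    est = {"est-1": 40, "est-2": 20}
    pend = {f"forged-{i}": 50 for i in range(9)}
    pend["new-legit"] = 3
    for name, units in allocate(100, 5, 30, est, pend).items():
        print(f"{name:10s} {units}")
```

In this model a flood of attempts can only dilute the share available to other new attempts; it cannot touch what established connections receive, and its total cost is bounded by the class cap.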

