Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

DDOS attacks

From: David Farber <dave () farber net>
Date: Sun, 9 Aug 2009 17:16:47 -0400


Begin forwarded message:

From: "Michael O'Dell" <mo () ccr org>
Date: August 9, 2009 2:54:16 PM EDT
To: dave () farber net
Subject: DDOS attacks

a fundamental problem with Denial of Service Attacks,
and most other Internet "security" problems in general,
is that they are "attacks" only in retrospect.
In fact, a DDOS attack is indistinguishable from
a success disaster (flash crowd, "slashdotted", etc)
only after observing the event for a while and
then imputing nefarious intent.

Given that we have no way of imputing the intent
of another human short of observing his actions
in context, IN RETROSPECT, it's hard to imagine
how one can examine packets in real-time and
impute intent in any general-purpose fashion.

This is also the difficulty of doing "QoS enforcement";
it requires the network to impute the recipient's
desire to receive a packet in question (or even harder,
ordering the desirability of many packets closely spaced
in time).

Various schemes have been proposed to create
varying amounts of "state" in the network for the purpose
of having network components make such judgments on a
recipient's behalf, but that works only in the case of
packet interchanges which are lengthy with respect to
the time taken to establish the state *after* the
recipient identifying a sender as being "of interest"
at some level.  Without that statement of interest by
the recipient it's not possible to avoid even worse pathologies.

This feeds into numerous other questions all hinging on
how much state (per endpoint, per microflow, per whatever)
can be placed in which network components, which ones can
actually do any good, and what a packet recipient must reveal
to make this happen. There are serious questions of privacy
and related matters involved.

I know I've made this point before, but it is important to
repeat because people seem to keep missing it: schemes that
rely upon notions of "strong identity" are dubious at best.

In the Real World(tm), proving identity to another human
in a manner which is difficult to spoof or compromise is
*very* hard indeed. (Anyone who has endured a background
investigation for a security clearance knows this firsthand.)
Why anyone believes a Silicon Surrogate is any easier to
authenticate than the human(s!) behind it simply beyond my
understanding.

These things are messy, ugly, ambiguous, fluid, and dynamic
because, unlike computers (at the moment), humans are
messy, ugly, ambiguous, fluid and dynamic because they have
myriad motives and agenda (often at the same time!).

If you can't do it well in the Real World(tm),
it's essentially certain you won't do it any
in the Bit World(tm).

        -mo




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: