Re: Data on latency and loss-rates during congestion DDoS attacks

[Amir Herzberg <amir.lists () gmail com>]

Hi Damian, thanks, that's right; actually in high-latency and 10% loss, you
get _much_ better performance than either TCP or Quic. However, these are
not as common scenarios as clogging due to DDoS... So we still want to find
relevant data, to know which ranges of latency and loss make sense.

Guys: if you can share data but only privately, please do :) thanks!

Amir

-- 
Amir



On Sat, Jan 25, 2020 at 12:38 PM Damian Menscher <damian () google com> wrote:

> Getting (and releasing) numbers from DDoS attacks will be challenging for
> most, but I think your research could apply to more than just DDoS.  There
> are often cases where one might want to work from an environment which has
> very poor networking.  As an extreme example, in 2007 I got online from an
> internet cafe in Paramaribo.  But, as I told a friend at the time, "latency
> is about 1s and packet loss around 10%".  It would be great if forward
> error correction could have improved that experience.
>
> Damian
>
> On Fri, Jan 24, 2020 at 7:27 PM Amir Herzberg <amir.lists () gmail com>
> wrote:
>
> > Damian, thanks!
> >
> > That's actually roughly the range of losses we focused on; but it was
> > based on my rough feeling for reasonable loss rates (as well as on
> > experiments where we caused losses in emulated environments), and a
> > reviewer - justifiably - asked if we can base our values on realistic
> > values. So I would love to have real value, I'm sure some people have these
> > measured (I'm actually quite sure I've seed such values, but the challenge
> > is recalling where and finding it...).
> >
> > Also, latency values (under congestion) would be appreciated. Also here,
> > we used a range of values, I think the highest was 1sec, since we believe
> > that under congestion delays goes up considerably since many queues fill up
> > [and again I seem to recall values around this range]. But here the
> > reviewer even challenged us and said he/she doubts that delays increase
> > significantly under network congestion since he/she thinks that the
> > additional queuing is something mostly in small routers such as home
> > routers (and maybe like the routers used in our emulation testbed). So I'll
> > love to have some real data to know for sure.
> >
> > Apart from knowing these things for this specific paper, I should know
> > them in a well-founded way anyway, as I'm doing rearch on and teaching
> > net-sec (incl. quite a lot on DoS) :)
> >
> > --
> > Amir
> >
> >
> >
> > On Fri, Jan 24, 2020 at 5:31 PM Damian Menscher <damian () google com>
> > wrote:
> >
> > > I suggest testing with a broad variety of values, as losses as low as 5%
> > > can be annoying, but losses at 50% or more are not uncommon.
> > >
> > > Damian
> > >
> > > On Fri, Jan 24, 2020 at 4:41 AM Amir Herzberg <amir.lists () gmail com>
> > > wrote:
> > >
> > > > Dear NANOG,
> > > >
> > > > One of my ongoing research works is about a transport protocol that
> > > > ensures (critical) communication in spite of DDoS congestion attack (which
> > > > cannot be circumvented), by (careful) use of Forward Error Correction. Yes,
> > > > obviously, this has to be done and used carefully since the FEC clearly
> > > > increases traffic rather than the typical congestion-control approach of
> > > > reducing it, I'm well aware of it; but some applications are critical (and
> > > > often low-bandwidth) so such tool is important.
> > > >
> > > > I am looking for data on loss rate and congestion of DDoS attacks to
> > > > make sure we use right parameters. Any chance you have such data and can
> > > > share?
> > > >
> > > > Many thanks!
> > > > --
> > > > Amir Herzberg
> > > > Comcast chair of security innovation, University of Connecticut
> > > > Foundations of cybersecurity
> > > > <https://www.researchgate.net/publication/323243320_Introduction_to_Cyber-Security_Part_I_Applied_Cryptography_Lecture_notes_and_exercises>,
> > > >  part
> > > > I (see also part II and presentations):
> > > > https://www.researchgate.net/publication/323243320_Introduction_to_Cyber-Security_Part_I_Applied_Cryptography_Lecture_notes_and_exercises
> > > > <https://www.researchgate.net/project/Lecture-notes-on-Introduction-to-Cyber-Security>