> From: Jeff Wheeler <[email protected]>
> If the xTR does not have the necessary state to forward a packet, it must
> communicate with the MS infrastructure. As cache hit rate goes down,
> direct MS involvement in forwarding operations goes up.
To a certain point, yes... but we do _already_ have rate-limits on the
ITR->resolution_system, precisely to protect the resolution system.
I mean, imagine a scenario where an ITR gets taken over by a bad guy - or,
simpler yet, a bad guy claims to be an ITR when they are not. The attacker
could then generate as much traffic to the resolution system as they want;
they are a direct threat to the resolution system, i.e. not via churning the
cache on an ITR. The best cache management in the world cannot prevent such
direct DoS attacks on the mapping infrastructure. So such threats exist
irrespective of DoS attacks on caches, i.e. have to be protected against
directly.
All sorts of DoS attacks are possible. Imagine a system in which all ITRs have
all mappings (e.g. through NERD, or something like that). So a DoS attack there
would consist of having a number of sites update their mappings at high rates.
(That would be an even better attack, since it's a multiplier attack - i.e.
each attack packet would produce an expanding cascade of packets, as the system
attempted to update every ITR in the world with the new mapping.)
Build any system, I can think of a DoS attack on it... (Are people DoS'ing DNS
servers yet, BTW?)
To deal with DoS attacks, any system ideally i) degrades service for other
clients under the load, but doesn't keel over dead, and ii) allows you to track
down the source(s) of the attack and deal with them. (Preferentially by taking
the perpetrators and throwing them into vats of boiling oil... but I digress.)
Noel
_______________________________________________
lisp mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lisp
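The two points made in the message above (the mapping system should degrade under load rather than keel over, and should let you track down the sources) are shown below as an added example; it is not code from the LISP project, from any draft, or from anyone in this thread. It assumes a per-source-RLOC token bucket plus one global bucket in front of the resolver's lookup, and the rates, addresses, EID prefixes and traffic patterns are all constructed for the illustration.

```python
"""Rate-limiting Map-Requests at a mapping-system front end.

Added illustration, not code from the LISP project or this thread. Each
source RLOC gets its own token bucket, and the resolver as a whole has a
global bucket, so that one flooding (or impersonated) ITR is throttled
before it can exhaust the resolver, other ITRs keep being served, and the
resolver records which sources it dropped so they can be tracked down.
All rates, addresses and EID prefixes below are assumed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class TokenBucket:
    rate: float            # tokens refilled per second
    burst: float           # bucket capacity (max tokens)
    last: float = 0.0      # time of the last refill
    tokens: float = -1.0   # -1 means "start full", fixed up in __post_init__

    def __post_init__(self):
        if self.tokens < 0:
            self.tokens = self.burst

    def allow(self, now: float) -> bool:
        """Refill for the elapsed time, then spend one token if one is available."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class MapResolverFrontEnd:
    """Per-source and global budgets in front of the (expensive) lookup."""

    def __init__(self, per_source_rate=5.0, per_source_burst=10.0,
                 global_rate=50.0, global_burst=100.0):
        self.per_source_rate = per_source_rate
        self.per_source_burst = per_source_burst
        self.global_bucket = TokenBucket(global_rate, global_burst)
        self.sources = {}                 # source RLOC -> TokenBucket
        self.answered = defaultdict(int)  # source RLOC -> lookups performed
        self.dropped = defaultdict(int)   # source RLOC -> requests dropped

    def handle_map_request(self, now: float, src_rloc: str, eid: str) -> str:
        bucket = self.sources.get(src_rloc)
        if bucket is None:
            bucket = TokenBucket(self.per_source_rate, self.per_source_burst, last=now)
            self.sources[src_rloc] = bucket
        # A single noisy source is throttled before it touches the global budget.
        if not bucket.allow(now):
            self.dropped[src_rloc] += 1
            return "drop:source-limit"
        # The global bucket is the backstop for floods spread over many
        # (possibly spoofed) source RLOCs, where per-source limits do nothing.
        if not self.global_bucket.allow(now):
            self.dropped[src_rloc] += 1
            return "drop:global-limit"
        self.answered[src_rloc] += 1      # the real mapping lookup would go here
        return "answer"

    def top_offenders(self, n=3):
        """Sources with the most dropped requests, i.e. where to start looking."""
        return sorted(self.dropped.items(), key=lambda kv: -kv[1])[:n]


def run(requests):
    """Feed (time, src_rloc, eid) tuples in time order; return (front end, outcome counts)."""
    fe = MapResolverFrontEnd()
    outcomes = defaultdict(int)
    for now, src, eid in sorted(requests, key=lambda r: r[0]):
        outcomes[fe.handle_map_request(now, src, eid)] += 1
    return fe, dict(outcomes)


def legit_traffic():
    # Two well-behaved ITRs (assumed addresses), 2 Map-Requests/s each for 10 s.
    return [(i * 0.5, rloc, eid) for i in range(20)
            for rloc, eid in (("203.0.113.10", "10.1.0.0/16"),
                              ("203.0.113.20", "10.2.0.0/16"))]


def single_source_flood():
    # One compromised or impersonated ITR at 200 Map-Requests/s for 10 s,
    # churning through many EID prefixes (constructed traffic).
    return legit_traffic() + [(i * 0.005, "198.51.100.66", f"10.{i % 200}.0.0/16")
                              for i in range(2000)]


def spoofed_source_flood():
    # The same demand spread over 100 spoofed RLOCs at 4 req/s each, staggered
    # by 2.5 ms; each stays under the per-source limit, so only the global
    # bucket can protect the resolver (constructed traffic).
    return legit_traffic() + [(i * 0.25 + k * 0.0025, f"192.0.2.{k}", "10.9.0.0/16")
                              for i in range(40) for k in range(100)]


if __name__ == "__main__":
    for name, traffic in (("single source", single_source_flood()),
                          ("spoofed sources", spoofed_source_flood())):
        fe, outcomes = run(traffic)
        print(name, outcomes, "top offenders:", fe.top_offenders())
```

Running it shows the two regimes: with one flooding RLOC the per-source bucket drops roughly 97% of its requests, the two legitimate ITRs get every answer, and that RLOC heads the offender list; with the flood spread over spoofed RLOCs the per-source buckets never fire, the global bucket caps the resolver at about 600 lookups out of 4040 requests, and the offender list is spread across a hundred fake sources, which is exactly why the second point in the message (being able to trace the real source) needs help from outside the mapping system, such as source-address filtering or authenticating who may act as an ITR.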