> Also, it seems to me that if all you want to do is break a single MR, then > rate limiting is irrelevant. In the absence of limits on who can query a > specific MR, you can bombard it with more queries than it can handle and you > will take it out of service. So a rate limit helps the system while harming > the MR capability only slightly.
This is why it is important to anycast most of the MRs that will be deployed. So the attack sources are naturally sending, in spread out fashion, to a very large cluster-set of MRs. Only with a concentration of sources in the relatively same topoglical area with lots of bandwidth can be successful at a many-to-1 attack. > Trying to infer whether an entity is allowed to undertake specific operations > without authentication, using information such as the IP address, seems > fraught with failure. Trying to classify all entities into types > (onotology?) seems unlikely to produce correct results, as classes are not > cleanly defined. And remember by doing signature verification or decryption, the problem gets worse for the MR. Because it has to use more resources when most of the packets are from unauthorized sources. And white-listing 1 billion users to provide a public service minus the 1,000,000 attackers is a white-list management nightmare/challenge. > As I said, I look forward to the technical presentation at the IETF meeting > to see if they have any ideas that can help. Yes, there is work to be done. > Putting authorization into the identity seems to be asking for trouble. Definitely. Dino _______________________________________________ lisp mailing list [email protected] https://www.ietf.org/mailman/listinfo/lisp
