[dtn-security] Re(2): Re(2): How do you feel about Bonjour/Avahi?

Peter Lovell <plovell@mac.com> Mon, 13 July 2009 13:47 UTC

Received: from asmtpout012.mac.com (asmtpout012.mac.com [17.148.16.87]) by maillists.intel-research.net (8.13.8/8.13.8) with ESMTP id n6DDlRm5002580 for <dtn-security@maillists.intel-research.net>; Mon, 13 Jul 2009 06:47:27 -0700
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: text/plain; charset=US-ASCII
Received: from [157.185.80.152] by asmtp012.mac.com (Sun Java(tm) System Messaging Server 6.3-8.01 (built Dec 16 2008; 32bit)) with ESMTPSA id <0KMQ00E563KR7W20@asmtp012.mac.com> for dtn-security@maillists.intel-research.net; Mon, 13 Jul 2009 06:46:06 -0700 (PDT)
From: Peter Lovell <plovell@mac.com>
To: "Graham Keellings (Leonix Solutions Pte Ltd)" <Graham@LeonixSolutions.com>
Date: Mon, 13 Jul 2009 09:46:02 -0400
Message-id: <20090713134603.958934311@smtp.mac.com>
In-reply-to: <4A5AA83C.7030400@LeonixSolutions.com>
References: <89E48AE60E64EF4E8EB32B0B7EC74920A1B0F5@EVS-EC1-NODE2.surrey.ac.uk> <"3A5AA67A8B120B48825BFFCF544385613 7E0B06196"@NDJSSCC03.ndc.nasa.gov> <4A1DD73F.50000@bbn.com> <023601c9df2a$694fd5b0$3bef8110$@com> <4A2DF7FD.5020104@LeonixSolutions.com> <3A5AA67A8B120B48825BFFCF5443856137E3553C4B@NDJSSCC03.ndc.nasa.gov> <"029d01c 9e925$1e354880$5a9fd980$"@com> <4A46C257.3040006@LeonixSolutions.com> <"2009062 8050243.1566215671"@smtp.mac.com> <4A46FBB2.3080205@LeonixSolutions.com> <"2009 0628052255.640550503"@smtp.mac.com> <4A470CD7.4010502@LeonixSolutions.com> <"20 090628141313.1532044204"@smtp.mac.com> <4A4878A6.7010707@LeonixSolutions.com> <20090629123400.1726285002@smtp.mac.com> <C304DB494AC0C04C87C6A6E2FF5603DB2217B29183@NDJSSCC01.ndc.nasa.gov> <4A497B04.3070909@LeonixSolutions.com> <20090630122842.1049441707@smtp.mac.com> <4A556063.2010305@LeonixSolutions.com> <20090709041417.302976474@smtp.mac.com> <4A56E1CA.7080000@LeonixSolutions.com> <20090710120958.2016629300@smtp.mac.com> <4A5AA83C.7030400@LeonixSolutions.com>
X-Mailer: CTM PowerMail version 5.6.3 build 4504 English (PPC) <http://www.ctmdev.com>
Cc: dtn-security@maillists.intel-research.net
Subject: [dtn-security] Re(2): Re(2): How do you feel about Bonjour/Avahi?
X-BeenThere: dtn-security@maillists.intel-research.net
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DTN Security Discussion <dtn-security.maillists.intel-research.net>
List-Unsubscribe: <http://maillists.intel-research.net/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@maillists.intel-research.net?subject=unsubscribe>
List-Archive: <http://maillists.intel-research.net/pipermail/dtn-security>
List-Post: <mailto:dtn-security@maillists.intel-research.net>
List-Help: <mailto:dtn-security-request@maillists.intel-research.net?subject=help>
List-Subscribe: <http://maillists.intel-research.net/mailman/listinfo/dtn-security>, <mailto:dtn-security-request@maillists.intel-research.net?subject=subscribe>
X-List-Received-Date: Mon, 13 Jul 2009 13:47:28 -0000

On Mon, Jul 13, 2009, Graham Keellings (Leonix Solutions Pte Ltd)
<Graham@LeonixSolutions.com> wrote:

>What about this then - is it even feasible? If I know that I have a 
>closed universe of nodes, can I encrypt the IP headers? That might help 
>prevent  DOS by repeated pinging.   <snip>
>
>Am I on a totally wrong track here? Or could encrypted IP headers be one 
>more layer of armour?
>

I guess this could work for an isolated system, but those are of limited
interest. Most systems have some interaction with the outside even
though the community may be a closed one.

When faced with a DOS attack, the challenge is to get rid of as many
packets as possible with the absolute least effort. the question is --
would encrypting the IP headers help or hinder this ??

Regards.....Peter