RE: DoS attack ?
Nicolas Popp <nico@realnames.com> Thu, 06 December 2001 18:14 UTC
Date: Thu, 06 Dec 2001 10:09:54 -0800
From: Nicolas Popp <nico@realnames.com>
Subject: RE: DoS attack ?
To: 'John C Klensin' <klensin@jck.com>, YangWoo Ko <newcat@spsoft.co.kr>
Cc: ietf-irnss@lists.elistx.com

You can also do what most search engines would. You return a (small) range of ranked results in the set of results and your last result is a referral back to you for the next range in the set... Then you try to detect automated crawlers that recursively follow the referrals and slow them down to a halt.

So, just from that standpoint, it could be useful for the protocol to support the notion of results set range (query) as well as referral (response).

-Nico

-----Original Message-----
From: John C Klensin [mailto:klensin@jck.com]
Sent: Thursday, December 06, 2001 9:50 AM
To: YangWoo Ko
Cc: ietf-irnss@lists.elistx.com
Subject: Re: DoS attack ?

--On Friday, 07 December, 2001 02:35 +0900 YangWoo Ko <newcat@spsoft.co.kr> wrote:

> On Thu, Dec 06, 2001 at 12:15:01PM -0500, John C Klensin wrote:
>> A search in that search layer can specify values for any
>> combination of facets that the searcher, or search-vendor,
>> finds appropriate. Leaving one out is equivalent to "match
>> anything that happens to be there".
>
> Dear John Klensin,
>
> What will happen if I send a query with {null, null, ...}
> tuple ? Can I download the whole database ? It looks like a
> very easy DoS attack.

I thought I had explained this in the "dns search" document, but I think that any sensible search system vendor would prohibit that case, presumably by returning an "are you crazy?" error message. It might even be sensible to require that at least a name-string be present as a protocol matter (I think "dns search" suggests that). With or without such a protocol restriction, I'd expect search system vendors to be able to protect themselves against both DOS attacks and excessive data mining by recognizing over-broad searches and prohibiting them.

Note that, in principle, one could accomplish a "return the whole internet" query by

    { {name-string "foo" ReallyBigNumber } } ReallyBigNumber }

So just requiring that the name-string facet be present doesn't help much if one permits arbitrarily-great distance between the query string and strings in the database.

(In that notation, your (null, null, null,...) search on a single database would be { { } 0 } .)

    john
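
The server-side defences discussed in this thread, sketched as an added example that is not part of the original messages or of any IRNSS draft: reject queries with no name-string or an excessive distance, return a small ranked range plus a referral for the next range, and slow down clients that keep following referrals. Every name, limit and the sample data below are assumptions made for illustration.

```python
from collections import defaultdict

PAGE_SIZE = 3       # assumed size of each returned result range
MAX_DISTANCE = 2    # assumed cap on query-to-entry string distance
FREE_FOLLOWS = 2    # referrals a client may follow before being slowed
BASE_DELAY = 0.5    # seconds; doubles with every further referral followed
SAMPLE_NAMES = ["foo", "fob", "fop", "for", "fog", "fox", "foe", "bar"]  # constructed

class OverBroadQuery(Exception):
    """Query would match (nearly) the whole database."""

def edit_distance(a, b):
    """Levenshtein distance, standing in for the thread's 'distance'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class SearchServer:
    def __init__(self, names):
        self.names = names
        self.follows = defaultdict(int)  # client id -> referrals followed in a row

    def search(self, client, name_string, distance=0, offset=0):
        # Refuse the {null, null, ...} case and arbitrarily great distances.
        if not name_string:
            raise OverBroadQuery("name-string facet is required")
        if distance > MAX_DISTANCE:
            raise OverBroadQuery("distance exceeds server limit")
        # A non-zero offset means the client is following a referral.
        delay = 0.0
        if offset > 0:
            self.follows[client] += 1
            extra = self.follows[client] - FREE_FOLLOWS
            if extra > 0:
                delay = BASE_DELAY * 2 ** (extra - 1)  # exponential slow-down
        else:
            self.follows[client] = 0
        ranked = sorted((edit_distance(name_string, n), n) for n in self.names)
        hits = [n for d, n in ranked if d <= distance]
        page = hits[offset:offset + PAGE_SIZE]
        # The "last result": a referral back to this server for the next range.
        referral = None
        if offset + PAGE_SIZE < len(hits):
            referral = {"name_string": name_string, "distance": distance,
                        "offset": offset + PAGE_SIZE}
        return {"results": page, "referral": referral, "delay": delay}
```

The caller is expected to wait `delay` seconds before sending the response; returning the value instead of sleeping keeps the throttling decision separate from the transport.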