Re: DoS attack ?

John C Klensin <klensin@jck.com> Thu, 06 December 2001 17:57 UTC

Return-Path: <ietf-irnss-errors@lists.elistx.com>
Received: from ELIST-DAEMON.eListX.com by eListX.com (PMDF V6.0-025 #44856) id <0GNX00704OJ0SS@eListX.com> (original mail from klensin@jck.com); Thu, 06 Dec 2001 12:57:00 -0500 (EST)
Received: from CONVERSION-DAEMON.eListX.com by eListX.com (PMDF V6.0-025 #44856) id <0GNX00701OIZSQ@eListX.com> for ietf-irnss@elist.lists.elistx.com (ORCPT ietf-irnss@lists.elistx.com); Thu, 06 Dec 2001 12:56:59 -0500 (EST)
Received: from DIRECTORY-DAEMON.eListX.com by eListX.com (PMDF V6.0-025 #44856) id <0GNX00701OIZSP@eListX.com> for ietf-irnss@elist.lists.elistx.com (ORCPT ietf-irnss@lists.elistx.com); Thu, 06 Dec 2001 12:56:59 -0500 (EST)
Received: from bs.jck.com ([209.187.148.211]) by eListX.com (PMDF V6.0-025 #44856) with ESMTP id <0GNX00718OIYL5@eListX.com> for ietf-irnss@lists.elistx.com; Thu, 06 Dec 2001 12:56:58 -0500 (EST)
Received: from [209.187.148.217] (helo=P2) by bs.jck.com with esmtp (Exim 3.22 #1) id 16C2ir-000GzH-00; Thu, 06 Dec 2001 17:54:13 +0000
Date: Thu, 06 Dec 2001 12:54:12 -0500
From: John C Klensin <klensin@jck.com>
Subject: Re: DoS attack ?
In-reply-to: <200112061751.fB6Hpml16717@nic-naa.net>
To: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>, YangWoo Ko <newcat@spsoft.co.kr>
Cc: ietf-irnss@lists.elistx.com
Message-id: <125246027.1007643252@P2>
MIME-version: 1.0
X-Mailer: Mulberry/2.1.1 (Win32)
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Content-disposition: inline
References: <200112061751.fB6Hpml16717@nic-naa.net>
List-Owner: <mailto:ietf-irnss-help@lists.elistx.com>
List-Post: <mailto:ietf-irnss@lists.elistx.com>
List-Subscribe: <http://lists.elistx.com/ob/adm.pl>, <mailto:ietf-irnss-request@lists.elistx.com?body=subscribe>
List-Unsubscribe: <http://lists.elistx.com/ob/adm.pl>, <mailto:ietf-irnss-request@lists.elistx.com?body=unsubscribe>
List-Archive: <http://lists.elistx.com/archives/ietf-irnss>
List-Help: <http://lists.elistx.com/elists/admin.shtml>, <mailto:ietf-irnss-request@lists.elistx.com?body=help>
List-Id: <ietf-irnss.lists.elistx.com>

Exactly.  And, as with the whois case, it is reasonable that
database providers be able to protect themselves.  The question
about the reasonable limits of such protection is a complicated
one (going back to the dawn of shared/ commercial databases and
information retrieval and query systems), but, fortunately, is
rarely or ever a protocol problem.

    john

--On Thursday, 06 December, 2001 12:51 -0500 Eric
Brunner-Williams in Portland Maine <brunner@nic-naa.net> wrote:

> YangWoo,
> 
> I wouldn't refer to this as a DoS attack, rather as a
> mechanism for the (unauthorized) replication (of some or all)
> of the store.
> 
> It may matter that what amounts to an unauthorized zone
> transfer ties up the data flow source node, or its local
> bandwidth, and that these may be synchronized across multiple
> sink nodes to fully consume either host cpu or subnet i/o
> resource, but that is only one case (discard-at-sinks) of
> resource replication.
> 
> We see the latter in data mining against whois servers, and I
> would expect that resource capture isn't confined to
> telemarketers mining for telephone contact data.
> 
> Eric
> 
> 
>