North American Network Operators Group


Improving Robustness of Distributed Services (Re: DDoS attacks)

  • From: Dickson, Brian
  • Date: Thu Jul 12 16:14:03 2001

> * Most of DoS attacks are against IRC networks. Hence, if we can get rid
> of those, the health of the Internet as a whole should improve.
> * Experience gathered with this approach should be useful to developers
> and administrators of other distributed services and protocols.

To paraphrase Leeloo in _The Fifth Element_, "mooolteeeecaast".

Multicast.

It's a huge leap, which would require development, no doubt.

However, consider the following:

- What is IRC, or for that matter net-news, at its heart? A transient,
store-and-forward, one-to-many message system.

In other words, multicast re-implemented on unicast, in some cases poorly and
at great cost (news).

- What happens to IRC when you change this to multicast? IRC channels morph
to multicast groups; RPs replace IRC servers; and most importantly, the
infrastructure "glue" no longer has a visible IP address, and becomes much less
vulnerable to attack. Multicast has *intrinsic* RPF checking (that's how it
works, in fact). Attackers cut themselves off first, before any propagation
occurs. The protocol(s) deal with localized 'issues'. Anyone wishing to
interrupt the IRC network would have to attack the entirety of the Internet,
simultaneously. (This is *not* a challenge, really.)

How difficult would it be to (a) implement, and (b) to migrate the users
over to the new system?

I can't speak to (a), never having operated a network with a
network-administered IRC server (that I know of anyway ;-)).
As to (b), if an initial gateway from unicast<->multicast (think
MBGP<->DVMRP for the mbone), or many, exist, it should be easy. Show users that
the new system is more resilient, and they'll use it. More importantly, have
the operators and/or upstream networks promise to support the old system for
a limited time only, after successful deployment of the new system. For
network admins, the fact that it's more efficient for backbone use (a bigger
factor near the edge, where bottom-tier ISPs with not many resources, and
lots of IRC users - fill the modem ports with bandwidth, at no cost to your
upstream link!) should be a selling point in and of itself.

A significant number of top-tier networks already have the necessary
multicast support and peering. Not much more needs to happen, beyond client
and server software, and administrative tools.

Multicast. A solution looking for a problem; a problem found, at last. :-)

Brian Dickson
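As an added illustration of the RPF argument in the message above (example code written for this page, not from the original post or from any multicast implementation): a toy simulation in which each router accepts a multicast packet only if it arrived on the interface its unicast table points back to the claimed source. The three-router chain, host names and routing tables are constructed assumptions; a spoofed-source packet is dropped at the first hop, while a packet from the real source floods to every receiver.

```python
from collections import deque
from dataclasses import dataclass

# Constructed toy topology (assumption, not from the post): a chain of three
# routers. Host A hangs off R1, receiver B off R2, and an attacker X off R3.
NEIGHBORS = {
    "R1": ["A", "R2"],
    "R2": ["R1", "B", "R3"],
    "R3": ["R2", "X"],
}

# Unicast RIB per router: for each source address, the neighbor that is the
# next hop back towards it. This is exactly what an RPF check consults.
RIB = {
    "R1": {"A": "A", "X": "R2"},
    "R2": {"A": "R1", "X": "R3"},
    "R3": {"A": "R2", "X": "X"},
}

@dataclass(frozen=True)
class MulticastPacket:
    src: str    # claimed source address (may be spoofed)
    group: str  # multicast group, the IRC "channel" in the post's analogy

def rpf_check(router: str, pkt: MulticastPacket, arrived_from: str) -> bool:
    """Accept only if the packet came in on the interface the unicast RIB
    says leads back to pkt.src. A spoofed source fails at the first hop."""
    return RIB[router].get(pkt.src) == arrived_from

def flood(pkt: MulticastPacket, first_hop: str, injected_via: str):
    """Dense-mode style flood starting at first_hop. Returns the list of
    (router, accepted) decisions and the set of hosts that received pkt."""
    decisions, delivered, seen = [], set(), set()
    queue = deque([(first_hop, injected_via)])
    while queue:
        router, came_from = queue.popleft()
        if (router, came_from) in seen:
            continue
        seen.add((router, came_from))
        ok = rpf_check(router, pkt, came_from)
        decisions.append((router, ok))
        if not ok:
            continue  # dropped here; nothing downstream ever sees it
        for nbr in NEIGHBORS[router]:
            if nbr == came_from:
                continue  # never send back out the incoming interface
            if nbr in NEIGHBORS:
                queue.append((nbr, router))
            else:
                delivered.add(nbr)
    return decisions, delivered
```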