DSR and Denial of Service Attacks

I am writing this note after reading about the February 2000 Distributed Denial of Service attacks. Such attacks are just one of the vulnerabilities that arise when no attention is paid to incentives or payment for resources in the design of distributed computer systems.

In Schneier’s description of the attack he says “I believe that any long-term solution will involve redesigning the entire Internet” and later “Unfortunately, there are no plans to redesign the Internet in this way, and any such undertaking might be just too complicated to even consider.” I fear that Schneier is about right. Schneier proposes network architecture modifications like those that solved the phone company’s problem with blue boxes.

I want to describe other solutions, or at least directions towards solutions to such problems, but first I hasten to warn that there are no quick fixes described here. Indeed I fear that it will take even more drastic incidents to push people along the road described in these pages. Perhaps others can find ways to adapt these ideas sooner, however. The schemes described here alleviate a variety of other pains of the current network—but I will stick to denial of service here.

The attack of the Zombies

The instigator in this attack finds a number of computers attached to the Internet with known gullibilities which may be exploited not to the detriment of that computer but to the detriment of some other victim with no known weakness. These computers are the zombies. Through their gullibilities, the zombies are instructed to launch traffic towards the victim. This collective traffic from the zombies so congests the network near the victim that the victim cannot communicate with the world and is cut off. Note that the zombies are not much inconvenienced by this, and there is little incentive for, or even indication to, the operator of the zombie that anything is amiss. It is easy to see that a well-planned attack can leave the zombies with no recollection of their origin, thus making finding the instigator very difficult. With IP source address spoofing even the zombies are difficult to find.

The DSR Solution

With DSR, each packet conveys value to the recipient by prearrangement of the two parties connected to the wire that carries the packet. Each packet arriving at X’s site comes with an obligation by the immediate sender to pay X something. See the paper for more detail. The obvious adaptation of the Zombie attack would leave the victim with large payments due from his immediate network peers. But more importantly, it would provide operators of potential zombies with incentive to install security sufficient to guard their petty cash. Indeed such attack software might be deployed in a conspiracy with the victim to split the proceeds.
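
An added illustration, not taken from this note or from the DSR paper: a toy ledger that settles the per-packet obligation on every link for a constructed zombie flood. The node names, the topology, the prices and the budget threshold are all assumptions chosen for the example.

```python
from collections import defaultdict

# Constructed example data (assumptions, not from the note or the DSR paper).
# PRICE[(a, b)]: what a owes b for each packet a hands to b, as prearranged
# by the two parties on that link.
PRICE = {
    ("zombie1", "isp_a"): 3, ("zombie2", "isp_a"): 3, ("zombie3", "isp_b"): 3,
    ("isp_a", "backbone"): 2, ("isp_b", "backbone"): 2,
    ("backbone", "victim_isp"): 2, ("victim_isp", "victim"): 1,
}
# Each node in this toy topology has exactly one link toward the victim.
NEXT_HOP = {sender: receiver for (sender, receiver) in PRICE}


def settle(flows):
    """Settle every link for flows = {origin: packet_count}; return net balances."""
    balance = defaultdict(int)
    for origin, packets in flows.items():
        node = origin
        while node in NEXT_HOP:
            receiver = NEXT_HOP[node]
            owed = packets * PRICE[(node, receiver)]
            balance[node] -= owed      # the immediate sender pays...
            balance[receiver] += owed  # ...the party at the other end of the wire
            node = receiver
    return dict(balance)


def over_budget(balance, budget):
    """Nodes whose net debit exceeds what their operator expected to spend."""
    return sorted(n for n, b in balance.items() if -b > budget)


FLOOD = {"zombie1": 10_000, "zombie2": 10_000, "zombie3": 10_000}

if __name__ == "__main__":
    result = settle(FLOOD)
    for node, net in sorted(result.items(), key=lambda kv: kv[1]):
        print(f"{node:11s} {net:+d}")
    print("over budget:", over_budget(result, budget=500))
```

The zombies carry the whole debit and show up immediately as over budget, while the victim ends with a credit due from its immediate peer, which is the shift in incentive the paragraph above describes.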

Some services are valuable well out of proportion to their cost. They are cheap typically due to competition. Consider some strategic service S which relies on some commodity service s. Imagine that the supply and demand for s are in good equilibrium. The marginal cost of providing s is low and so is the price. A saboteur plans to disrupt S by buying all of s.

If S is indeed strategic then it is presumably possible to outbid the saboteur, but market mechanisms may take time to equilibrate, especially if the price patterns are unfamiliar.