[chord] FW: DGOS to combat DDOS? Idea...

N.Z. Bear bear at truthlaidbear.com
Mon Jul 10 12:33:20 EDT 2006 

Folks: 

 

Hello there! I operate the weblog search engine / portal The Truth Laid Bear
(http://truthlaidbear.com <http://truthlaidbear.com/> ) and have come upon
the Chord project while researching peer-to-peer networks. 

 

The reason for my interest is shown below: recently, individual weblogs and
their hosts have suffered from DDOS attacks, resulting in their author's
being cut off from the blogosphere community and unable to post. I am
therefore currently trying to develop a working group to look at the problem
and develop some kind of peer-to-peer infrastructure that would allow
attacked bloggers to continue posting. 

 

I'd welcome suggestions/input from anyone on the Chord team. Best regards.

 

NZ Bear

The Truth Laid Bear

http://truthlaidbear.com <http://truthlaidbear.com/> 

 

 

  _____  

From: N.Z. Bear [mailto:bear at truthlaidbear.com] 
Sent: Sunday, July 09, 2006 10:18 PM
To: 'N.Z. Bear'
Subject: DGOS to combat DDOS? Idea...

 

Folks: 

 

With Jeff Goldstein coming under yet another DDOS attack today, it got me
thinking about how it might be possible to architect a system to combat such
outages. So I'd like to get some smart minds thinking about how to set up a
system to defeat DDOS attacks once and for all. I've got some ideas; my
initial thoughts below. If you like the idea, spread the word and let's get
some discussion going.

 

NZ

 

 

http://www.truthlaidbear.com/archives/2006/07/09/fight_ddos_with_dgos.php

 

 

Fight DDOS with DGOS? 

July
<http://www.truthlaidbear.com/archives/2006/07/09/fight_ddos_with_dgos.php#0
02938>  09, 2006 06:44 PM

Glenn reports that Jeff Goldstein is suffering another DDOS attack, limiting
access to the Protein Wisdom we all crave. 

I agree with the Instafellow: this is indeed getting out of hand. 

So I have a thought. It seems that what we bloggers need is a way to combat
a Distributed Denial Of Service (DDOS) attack which leverages the same
principals as the attack itself --- most particularly, the Distributed part.
Call it a Distributed Guarantee Of Service. 

The challenge is this: how could we establish a system so that a blogger
suffering a DDOS attack (or simple system downtime, even) could be
guaranteed a way to post during their outage.

The key part would be setting up a way for member blogs to 'host' a downed
blogger's posts. It seems to me that there are two categories of bloggers
that matter here: those that are on limited / controlled hosts such as
Blogspot (who therefore can't run server-side scripts, but can generally
include Javascript code) and those who have full hosts (who can run PHP or
other server-side scripts). 

So what I'm picturing is a PHP script that would provide the actual
'hosting' which would run on the full hosts, and actually act as a temporary
guest home for a downed blogger. And then perhaps a Javascript applet for
the limited hosts which could at least serve as a notifying beacon that
there is a blogger in 'down' status, and link a reader to the full hosts to
actually see that blogger's posts. 

There's lots of design details to be done here. How could the blogger post?
E-mail, or via a simple web-form hosted by the full members? How can the
post, once entered on one full member's site, be replicated automatically to
all other members? (That's the magic: it has to be replicated so that the
DDOS attacker can't just re-target a single backup site). 

I'll noodle on this more and post further thoughts, but I'd like to open the
discussion and get some other smart minds working on this problem. Comments
are open --- let's get to work!

-N.Z.

Update: OK, we've got some good discussion rolling in the comments. So
here's the deal: I've got ideas, and I can contribute support & a bit of
thought bandwidth to this effort. But there's no way I can be the primary
driver of this, what with everything else I've piled on my plate. So we need
some volunteers who do have some bandwidth to form a working group to
further flesh out this problem and potential solutions, and then go ahead
and actually do it. 

So: if you're interested in being part of such an effort, speak up in the
comments, and/or e-mail me directly <mailto:bear at truthlaidbear.com> . If
necessary, I can set up a Wiki or a mailing list to facilitate the
discussion --- but if someone else can do that, go ahead and do it! I won't
be offended. 

With that said, a few more ideas on the substance of the problem:

I believe our goal is not strictly "fault tolerance" for a given blog or set
of blogs. I think accomplishing that is impractical, and would involve some
kind of mirroring solution that would be overkill for what we're trying to
accomplish. In my mind, our goal should be to ensure that when a blogger's
site is down:

*	a) They have a place to post new blog posts
*	b) There is an established system so that their readers can find
those new blog posts
*	c) The new posts are hosted in a distibuted manner so that they are
mirrored on many different sites and are therefore protected from a
secondary DDOS attack. 

Note that what this essentially means is that we wouldn't be constantly
mirroring every participating blog's site --- we'd simply be mirroring new
posts by a downed blogger once the system is activated. This strikes me as a
simpler, and more realistic approach, although I'm open to thoughts about
some crude level of mirroring for recent, pre-DDOS attack posts. Terry
proposed using RSS feeds below, which is a good first thought, but I can say
from my experience with TTLB that the main problem there is many bloggers
don't include full content in their RSS feeds. I suspect a better solution
might be brute force: just have a way to copy the full HTML of each blog's
front page to a distributed archive. The cleverest way would be to somehow
have each blog copied to a small number of mirror-blogs (let's say 10) ---
if we have a solution spanning hundreds or thousands of blogs, it obviously
doesn't make sense to have every blog mirrored at every other blog's site.

Finally, I'd suggest that we approach this problem in several phases:

*	Phase 1: Quick, Dirty, and Manual: With only a little bit of
coordination, we could set up a mostly-manual system virtually immediately
which would allow a downed blogger to have a place to go. This could be as
simple as identifying several volunteers with MovableType or other
full-hosted blogs who are willing to create a special "DGOS blog" within
their installlation that, in the event of an attack, a downed blogger would
be given access to for posting. I'm sure there are other ways to approach
the problem manually too -- let's start there! 
*	Phase 2: Automated and Distributed: With a manual solution in place,
we can focus on implementing the whiz-bang approaches I've started outlining
above, or alternatives. 
*	Phase 3: Nirvana: With any complex implementation, I find that the
first release is never really the full solution you wanted. We'll probably
find that we've got a medium-term Phase 2 solution that will work, but isn't
perfect, and a long-term Phase 3 solution that is really everything we want
it to be. 

OK, that's enough from me for now. Like I said, please speak up if you're
willing to join a working group and get cracking on this, and even if you
are not, please spread the word on this idea. Thanks!

-N.Z.

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://amsterdam.lcs.mit.edu/pipermail/chord/attachments/20060710/a51573b6/attachment-0001.htm

More information about the chord mailing list