[mnet-devel] Grid Of Trust -- better ISPs

Some Guy amichrisde at yahoo.de
Thu Dec 11 10:03:21 GMT 2003


 --- Jim Dixon <jdd at dixons.org> wrote: 
> On Wed, 10 Dec 2003, Some Guy wrote:
Ok I'm going to fork this email into two topics.
1) What could an ISP do years down the road to protect us from floods?
2) What can we do now by clustering?

This email will be for number 1.

> > Am I giving you any ideas here?
> 
> Not so far.

Start over.  Let's consider Al the town ISP.  He's got a CIDR block of 2^12=4096 IPs and a lot of
bandwidth.

Now I want 16 IPs dynamically selected randomly from Al's block so that an adversary can't
guess one from the other.  I want each of these IPs to have its own bandwidth, so if an adversary
floods one the others are ok.

Al says "sure no problem just buy 16 DSL subscriptions on 16 phone lines and I'll hook you up with
16 dynamic IPs.  You'll have to pay 16 times the price though."

Now let's improve on this design some and see if we can avoid having to pay 16 times the price. 
The first thing that can be reduced is the medium.  Instead of 16 independent pieces of twisted
copper going to my house with phone service I don't need, we could replace them with a 16 mode
fiber as Jim suggested.

Let's say I don't need all that bandwidth though, because I'm just running a small P2P app.  I
could take my original DSL line and break it up with some multiplexing into 16 lines each with
1/16th the bandwidth.  I could probably run something like PPPoE 16 times to get the 16 IPs.  It's
just a question of putting better devices on both ends, the media can remain unchanged.

One crazy idea for a service that would provide the same protection without the ISP doing
anything.  You could pay a 3rd party to run a relay station.  He could get a bunch of IPs and then
grant them out to users.  So you'd use your normal Internet connection to connect to him.  Then
use PPPoE on top of the internet (instead of ethernet it really runs on TCP) to get your 16 IPs.

It just seems dumb to do this work anywhere else but at the ISP, because of increased latency and
routing.

All these ideas assume that the ISP isn't out to get you and that the adversary doesn't have the
resources to flood him.

The cost of doing all these things should go down over time and IPs should become more plentiful.
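
The allocation and isolation argument in this message, sketched as an added example that is not part of the original post: it draws 16 unpredictable addresses from a /20 and compares legitimate throughput under a flood when each address owns a fixed 1/16 slice of the link versus one shared pipe. The block `10.20.16.0/20`, the 1024 kbit/s link, the traffic figures and the proportional-drop model are constructed assumptions.

```python
import ipaddress
import secrets
from fractions import Fraction

def pick_addresses(block, count):
    """Draw `count` distinct addresses from `block` with the OS CSPRNG,
    so knowing one address gives no hint about the others."""
    net = ipaddress.ip_network(block)
    offsets = secrets.SystemRandom().sample(range(net.num_addresses), count)
    return [net[o] for o in offsets]

def guess_probability(block, held, known=1):
    """Chance that one blind guess inside the block hits another held
    address, given the adversary already knows `known` of them."""
    size = ipaddress.ip_network(block).num_addresses
    return Fraction(held - known, size - known)

def legit_delivered(link_kbps, legit_kbps, flood_kbps, isolated):
    """Legitimate kbit/s delivered per address.

    legit_kbps / flood_kbps map address -> offered load. With isolated=True
    each address owns an equal fixed slice of the link (the multiplexed
    design); otherwise all addresses compete for one shared pipe. Excess
    traffic is dropped in proportion to offered load (simplified model)."""
    addrs = list(legit_kbps)
    out = {}
    if isolated:
        share = link_kbps / len(addrs)
        for a in addrs:
            offered = legit_kbps[a] + flood_kbps.get(a, 0)
            out[a] = legit_kbps[a] * min(1.0, share / offered) if offered else 0.0
    else:
        total = sum(legit_kbps.values()) + sum(flood_kbps.values())
        scale = min(1.0, link_kbps / total) if total else 0.0
        out = {a: legit_kbps[a] * scale for a in addrs}
    return out

if __name__ == "__main__":
    ips = pick_addresses("10.20.16.0/20", 16)   # constructed example block
    legit = {ip: 40 for ip in ips}              # 40 kbit/s of real traffic each
    flood = {ips[0]: 10_000}                    # adversary floods one address
    for mode in (True, False):
        got = legit_delivered(1024, legit, flood, isolated=mode)
        print("isolated" if mode else "shared  ",
              [round(got[ip], 1) for ip in ips[:3]])
    print("guess probability:", guess_probability("10.20.16.0/20", 16))
```

With per-address slices only the flooded address degrades; with a shared pipe every address loses most of its legitimate traffic.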
