Scrobbs

Don't know if anyone has an interest in computer security but...

...the University of Washington has come up with an idea to prevent DDoS from botnets, utilizing a similar idea called 'Phalanx'.

http://technology.newscientist.com/article/dn13753-to-defeat-a-malicious-botnet-build-a-friendly-one.html

http://www.usenix.org/events/nsdi08/tech/full_papers/dixon/dixon_html/index.html

Interesting read, and if it works has the potential to offer a solution to one of the bnigger threats to the inter-operability of the internet, particularly since the demise of Bluefrog a couple of years back.


has the potential to offer a solution to one of the bnigger threats

I read your links I didn't see no solution to that there threat.


I don't see it necessarily being all that great a solution; I'm not up on my inter-web so my arguments may well be bollox. If they have a million server requests from bots, surely my single attempt to access the site will only have a 1 in a million chance of being the one that the server chooses to deal with at the time (so the site isn't crashed but it's still not effectively accessible). And although the idea of making the computer solve a problem seems like a good idea, won't it be incredibly difficult to find an appropriate complexity for the problem that allows me on my old PC to not be overly slowed and be less than a tickle to a top end PC?


Lol, good one. Fuck me, that first post really was low quality. Best delete it and forget all about it.

Back to your point Ginger, the way they have talked about dealing with it is more straightforward if you have been to the site before and have an authentication token given by the server to the client, which would act like a cookie. This would allow you to punch through the protective veil of mailboxes. First time connections seem to be dealt with by the solving of a cryptographic puzzle - the more time the client spends solving it, the higher priority they get through the mailboxes, if I understand it correctly.

Unfortunately, someone in the past in security came up with the word 'nonce' as an abbreviation of three words to describe 'number used once'. Rather amusingly, it has stuck and that article spends a good deal of time talking about nonces, general purpose nonces and random nonces.

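An added example (not from any poster in this thread, and not the Phalanx paper's own construction) of the puzzle-for-priority idea discussed above: the client picks how much work to do, the server checks it with one hash and serves the most work first, so no single fixed difficulty has to suit both an old and a fast PC. The SHA-256 leading-zero puzzle, the `AdmissionQueue` class and all other names here are assumptions chosen for illustration.

```python
import hashlib
import heapq

def leading_zero_bits(digest: bytes) -> int:
    """Count leading zero bits; each extra bit doubles the expected work."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits

def puzzle_hash(nonce: bytes, client_id: str, counter: int) -> bytes:
    data = nonce + client_id.encode() + counter.to_bytes(8, "big")
    return hashlib.sha256(data).digest()

def solve(nonce: bytes, client_id: str, target_bits: int) -> int:
    """Client side: brute-force a counter; cost grows as 2**target_bits."""
    counter = 0
    while leading_zero_bits(puzzle_hash(nonce, client_id, counter)) < target_bits:
        counter += 1
    return counter

def verify(nonce: bytes, client_id: str, counter: int) -> int:
    """Server side: a single hash reveals how many bits of work were done."""
    return leading_zero_bits(puzzle_hash(nonce, client_id, counter))

class AdmissionQueue:
    """Hypothetical mailbox front end: most work first, arrival order on ties."""
    def __init__(self, nonce: bytes):
        self.nonce = nonce      # server-issued number used once per time window
        self._heap = []
        self._seen = set()      # rejects replayed solutions

    def submit(self, client_id: str, counter: int) -> bool:
        if (client_id, counter) in self._seen:
            return False
        self._seen.add((client_id, counter))
        bits = verify(self.nonce, client_id, counter)
        heapq.heappush(self._heap, (-bits, len(self._seen), client_id))
        return True

    def admit(self):
        return heapq.heappop(self._heap)[2] if self._heap else None

if __name__ == "__main__":
    q = AdmissionQueue(nonce=b"constructed-sample-nonce")  # constructed value
    q.submit("old-pc", solve(q.nonce, "old-pc", 6))        # cheap puzzle
    q.submit("fast-pc", solve(q.nonce, "fast-pc", 14))     # about 256x more work
    print(q.admit(), q.admit())
```

A request that did no work is still queued, just behind everyone who did some, which is why the site stays reachable for low-powered clients when it is not under load.
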
Unfortunately, someone in the past in security came up with the word 'nonce' as an abbreviation of three words to describe 'number used once'.

Unfortunately - or AWESOMELY?!

An interesting solution. But hackers are always one step ahead of security programmers (perhaps because they are the same people) and there might be ways to launch even more lethal attacks against such a system.

Still, progress and all that.


That nonce thing is pretty stupid (in other ways than the obvious one). If NAND is 'not and', NONCE, to me at least, would be 'not once'.

But hackers are always one step ahead of security programmers (perhaps because they are the same people) and there might be ways to launch even more lethal attacks against such a system.

So glad you weren't around during the Blitz.

