
1 Query-Flood DoS Attacks in Gnutella by Andreas Legrum based upon a paper by Neil Daswani and...

Date post: 18-Jan-2016
Page 1: 1 Query-Flood DoS Attacks in Gnutella by Andreas Legrum based upon a paper by Neil Daswani and Hector Garcia-Molina.


Query-Flood DoS Attacks in Gnutella

by Andreas Legrum

based upon a paper by Neil Daswani and Hector Garcia-Molina


Overview

What does DoS mean?
How does Gnutella work? (simplified)
Policies to select queries
What is a good/malicious node?
How to measure the damage inflicted?
Examples for network topologies
Which policies/topologies work best?
Summary
Questions


What does DoS mean?

DoS: abbreviation for Denial of Service
Normally done by flooding a PC with (useless) requests in order to cut CPU time for the other running processes, including the GUI. The PC seems to be frozen although it is only trying to cope with the incoming data, and so it no longer offers any useful service.


How does Gnutella work? (simplified)

Network of supernodes
Clients send their queries to the node they are connected to
Nodes forward incoming queries to their neighbors and clients
Queries have a TTL specifying the max. number of nodes to travel


Policies to select queries

Reservation Ratio
Incoming Allocation Strategy (IAS)
Drop Strategy (DS)

Reservation Ratio
A fraction defining what percentage of a node's query processing capacity is reserved for local peers.
If there aren't enough queries from local peers, leftover capacity is used for remote peers' queries (queries received from other supernodes).


Policies to select queries

Incoming Allocation Strategy (IAS)

Weighted IAS: Nodes sending more queries will be given more processing capacity, so each connected node will have approximately the same percentage of queries served.
Fractional IAS: The available capacity is equally distributed among all connected nodes, no matter how many queries they've sent.

Leftover capacity is distributed by reapplying the strategy.


Policies to select queries

Drop Strategy (DS)

Queries are grouped by same source IP and TTL.
Proportional: Each group has the same percentage of queries served.
Equal: Each group has the same amount of queries served.
OrderByTTL (PreferHighTTL / PreferLowTTL): Queries with high/low TTL are served first.

Again, leftover capacity is redistributed by reapplying.
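
The "same percentage" and "same amount" rules above, applied at a single node with one flooding neighbor. This is an added example, not code from the slides or the underlying paper; the function names, the capacity of 100 and the demand figures are constructed for illustration, and one helper is used for both Weighted IAS / Proportional DS and Fractional IAS / Equal DS because they share the same allocation shape.

```python
def weighted(capacity, demand):
    """Weighted IAS / Proportional DS: same percentage served for every sender."""
    total = sum(demand.values())
    if total <= capacity:              # no contention: everything is served
        return {n: float(d) for n, d in demand.items()}
    return {n: capacity * d / total for n, d in demand.items()}


def fractional(capacity, demand):
    """Fractional IAS / Equal DS: equal split, leftover re-split by reapplying."""
    served = {n: 0.0 for n in demand}
    active = {n for n, d in demand.items() if d > 0}
    remaining = float(capacity)
    while active and remaining > 1e-9:
        share = remaining / len(active)
        remaining = 0.0
        for n in sorted(active):
            take = min(share, demand[n] - served[n])
            served[n] += take
            remaining += share - take   # unused part goes back into the pool
            if demand[n] - served[n] <= 1e-9:
                active.discard(n)       # fully served, drops out of later rounds
    return served


def good_service(alloc, malicious):
    """Queries served for senders that are not in the malicious set."""
    return sum(v for n, v in alloc.items() if n not in malicious)


# Constructed sample: a node that can process 100 queries per time unit,
# two good neighbors (A, B) and one flooding neighbor (M).
CAPACITY = 100
DEMAND = {"A": 30, "B": 20, "M": 950}

if __name__ == "__main__":
    for policy in (weighted, fractional):
        alloc = policy(CAPACITY, DEMAND)
        print(policy.__name__, alloc, "good:", good_service(alloc, {"M"}))
```

With these numbers the weighted rule hands the flooder 95 of the 100 slots, while the fractional rule serves both good neighbors in full and caps the flooder at the leftover.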


What is a good/malicious node?

The model presented is simple enough to be modeled.
To do so, we have to specify two kinds of nodes.

Characteristics of a good node:
Most nodes in the network are good nodes
Trying to maximize the network's service by setting its reservation ratio close to the optimal value
Modeled as a normal node; all good nodes are modeled as having the same processing capacity and using the best average reservation ratio

Characteristics of a malicious node:
not serving / forwarding incoming queries -> structural damage
sending out lots of useless queries -> flooding damage
Best modeled by setting the reservation ratio to 1 and having the node generate as many queries as possible


How to measure the damage inflicted?

The damage of query-flood DoS attacks is mainly a reduction of the amount of remote service the network is offering.
To measure this damage, the service capacity has to be calculated before and after turning a good node into a malicious one.


Examples for network topologies


Which policies/topologies work best?

In order to test the effectiveness of the policies, tests were run on simulated networks of 14-16 nodes under worst-case conditions.
This table shows the percentage loss in service after a node was turned into a malicious one:

It's easy to see that fractional/equal has the lowest loss.


Which policies/topologies work best?

When comparing fractional/equal with weighted/proportional while the malicious node is at the worst possible point in the network, you see that the better policies might be up to 4.4 times better than the worse ones.


Which policies/topologies work best?

It can also be seen that the complete (K) topology takes the lowest damage when using the best policies. Unfortunately, it may not be practical to use in networks with thousands of clients.
Also, malicious nodes at center positions may inflict higher damage than those at the borders of the network.


Summary

It's impossible to save an open network from malicious nodes, but by using efficient query selection policies the damage dealt may be reduced.
Also, some of the damage might be prevented by selecting an optimal topology and not letting these nodes easily take a center position in the network.


Questions?

Are there any questions?

