Data on latency and loss-rates during congestion DDoS attacks

Damian Menscher damian at google.com
Sat Jan 25 17:38:02 UTC 2020


Getting (and releasing) numbers from DDoS attacks will be challenging for
most, but I think your research could apply to more than just DDoS.  There
are often cases where one might want to work from an environment which has
very poor networking.  As an extreme example, in 2007 I got online from an
internet cafe in Paramaribo.  But, as I told a friend at the time, "latency
is about 1s and packet loss around 10%".  It would be great if forward
error correction could have improved that experience.

Damian

On Fri, Jan 24, 2020 at 7:27 PM Amir Herzberg <amir.lists at gmail.com> wrote:

> Damian, thanks!
>
> That's actually roughly the range of losses we focused on; but it was
> based on my rough feeling for reasonable loss rates (as well as on
> experiments where we caused losses in emulated environments), and a
> reviewer - justifiably - asked if we can base our values on realistic
> values. So I would love to have real value, I'm sure some people have these
> measured (I'm actually quite sure I've seed such values, but the challenge
> is recalling where and finding it...).
>
> Also, latency values (under congestion) would be appreciated. Also here,
> we used a range of values, I think the highest was 1sec, since we believe
> that under congestion delays goes up considerably since many queues fill up
> [and again I seem to recall values around this range]. But here the
> reviewer even challenged us and said he/she doubts that delays increase
> significantly under network congestion since he/she thinks that the
> additional queuing is something mostly in small routers such as home
> routers (and maybe like the routers used in our emulation testbed). So I'll
> love to have some real data to know for sure.
>
> Apart from knowing these things for this specific paper, I should know
> them in a well-founded way anyway, as I'm doing rearch on and teaching
> net-sec (incl. quite a lot on DoS) :)
>
> --
> Amir
>
>
>
> On Fri, Jan 24, 2020 at 5:31 PM Damian Menscher <damian at google.com> wrote:
>
>> I suggest testing with a broad variety of values, as losses as low as 5%
>> can be annoying, but losses at 50% or more are not uncommon.
>>
>> Damian
>>
>> On Fri, Jan 24, 2020 at 4:41 AM Amir Herzberg <amir.lists at gmail.com>
>> wrote:
>>
>>> Dear NANOG,
>>>
>>> One of my ongoing research works is about a transport protocol that
>>> ensures (critical) communication in spite of DDoS congestion attack (which
>>> cannot be circumvented), by (careful) use of Forward Error Correction. Yes,
>>> obviously, this has to be done and used carefully since the FEC clearly
>>> increases traffic rather than the typical congestion-control approach of
>>> reducing it, I'm well aware of it; but some applications are critical (and
>>> often low-bandwidth) so such tool is important.
>>>
>>> I am looking for data on loss rate and congestion of DDoS attacks to
>>> make sure we use right parameters. Any chance you have such data and can
>>> share?
>>>
>>> Many thanks!
>>> --
>>> Amir Herzberg
>>> Comcast chair of security innovation, University of Connecticut
>>> Foundations of cybersecurity
>>> <https://www.researchgate.net/publication/323243320_Introduction_to_Cyber-Security_Part_I_Applied_Cryptography_Lecture_notes_and_exercises>, part
>>> I (see also part II and presentations):
>>> https://www.researchgate.net/publication/323243320_Introduction_to_Cyber-Security_Part_I_Applied_Cryptography_Lecture_notes_and_exercises
>>> <https://www.researchgate.net/project/Lecture-notes-on-Introduction-to-Cyber-Security>
>>>
>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200125/6c80ca54/attachment.html>


More information about the NANOG mailing list