[OLPC Networking] Issues with the wireless mesh devices

info at olpc-peru.info info at olpc-peru.info
Mon Mar 3 11:33:42 EST 2008


Kim wrote: "...The network admin guys are quite concerned about the DDOS possibilities."

I comment,

Hi Kim,

I am very interested in the networking issue... because I am mounting a small lab to emulate
the environment of the XOs & Access Point & wireless work...

About DDOS:

At the end of this message is the definition of a DDOS (distributed Denial of Service Attack)... for those that need to know.

Comments:

a) DDOS is possible ONLY if you are connected to the Internet (technically it is possible in any environment, but let's analyze the most likely common source of problems).
b) I imagine the next scenario:
  1) Only the "School Server" (if it exists) will be directly connected to the Internet
  2) The XOs will have private addresses, not public internet addresses.

So only the "School Server" is available for a DDOS.  This leads us to 2 other possibilities:
  I) The S.Server is directly connected to the Internet by... (which provider? VSAT? which service?)
  II) The S.Server is getting the Internet from a "tunnel" that connects the S.Server with the OLPC foundation Internet connection.
  III) The S.Server is connected to the Internet by "local" connections to local internet providers, directly.  The S.Server has its own public IP.
  IV) The S.Server uses a dial-up to connect to the Internet.  Each time it dials, the S.Server gets a dynamic public IP address (that comes from a pool that the Internet service provider will assign).  The S.Server is a "server" for the XOs... not a "server" for the Internet.  If you want to deploy an "Internet Server" and get rid of the problems with DDOS then you can hire (or the OLPC can provide) space in their servers to mount any "server" service (!) that a kid in Peru (bravo!) wants to mount and put at the service of the whole world (super bravo! here we come, naked internet at the root... are we coming back to the 80's??? sorry... it is a dream... dangerous dream!)
  V) The S.Server is connected to the Internet by "other" methods, like a "USB mule" (since I am in Peru I will call it from this moment a "USB llama" !!!)

  Each of these scenarios can be built with some protection against DDOS (and nothing is perfect), and using NATs will put the responsibility of working against DDOS (a daily task, permanent) in the hands of the people/team/company that provide the first "internet public ip address" on the other side of the NAT.  Each of these options (I to V) has its own ways to work against DDOS.

I don't think that the "network admin"s should be too worried about DDOS because depending on the networking design this should not be a problem at all.

If someone can tell me what the official network design is at this moment, then I can analyze this DDOS possibility more and tell more about measures to avoid it.

Best regards,

Javier Rodriguez
Lima, Peru
 


---------------------------------------------------------
distributed denial-of-service attack

DEFINITION - On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.

A hacker (or, if you prefer, cracker) begins a DDoS attack by exploiting a vulnerability in one computer system and making it the DDoS "master." It is from the master system that the intruder identifies and communicates with other systems that can be compromised. The intruder loads cracking tools available on the Internet on multiple -- sometimes thousands of -- compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. The inundation of packets to the target causes a denial of service.

While the press tends to focus on the target of DDoS attacks as the victim, in reality there are many victims in a DDoS attack -- the final target and as well the systems controlled by the intruder.

http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci557336,00.html 
---------------------------------------------------------




Kim Hawtin wrote:
> Forwarding due to the quietness over on Networking at lists.laptop.org =)
>
> Kim Hawtin wrote:
>   
>> Is this the correct forum to post questions around the wireless mesh devices?
>>
>> I took an XO to a community wireless[1] monthly meeting this week.
>> We had a number of problems with other wireless devices, we believe
>> directly related, to the XO being turned on, then stopped when the
>> XO was turned off.
>>
>> I purchased some kit the same as in the APs that we use and hope to
>> either confirm or discount the XO as the culprit. The network admin
>> guys are quite concerned about the DDOS possibilities.
>>
>> The access point is an Alix router board with a pair of Atheros wireless
>> minipci NICs. Here is a snippet from the log on the host:
>>
>>     
>>> ath1: device timeout
>>> ath1: hardware error; resetting
>>> ath1: 0x00000020 0x00000000 0x00000000, 0x48000000 0x00000000 0x00000000
>>> ath1: ath_reset: unable to reset hardware; hal status 3
>>> ath1: device timeout
>>> ath1: hardware error; resetting
>>> ath1: 0x00000020 0x00000000 0x00000000, 0x60000000 0x00000000 0x00000000
>>> ath1: ath_reset: unable to reset hardware; hal status 3
>>>       
>> It appears that both Atheros NICs went awol at the same time and the AP/router
>> needed to be hard reset/power cycled.
>>
>> Are there any tools that I can use to determine what's going on here?
>> I noticed there was a wireshark patch; is that for the XO itself?
>>
>> I've asked the netadmins for the APs for as much info as they can give us.
>> So hopefully we can resolve this sooner rather than later =)
>>
>> regards,
>>
>> Kim
>> --
>> [1] www.air-stream.org
>   
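
For admins triaging the kind of driver log quoted above, the following is an added example, not part of the original thread: it summarizes `athN` messages per interface and flags any interface whose most recent reset attempt failed, the state that required a power cycle. The `ath1` lines are copied from the quoted log, the `ath0` lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# ath1 lines are copied from the quoted log; the ath0 lines are constructed
# to show an interface whose reset did not log a failure.
SAMPLE_LOG = """\
ath0: device timeout
ath0: hardware error; resetting
ath1: device timeout
ath1: hardware error; resetting
ath1: 0x00000020 0x00000000 0x00000000, 0x48000000 0x00000000 0x00000000
ath1: ath_reset: unable to reset hardware; hal status 3
ath1: device timeout
ath1: hardware error; resetting
ath1: 0x00000020 0x00000000 0x00000000, 0x60000000 0x00000000 0x00000000
ath1: ath_reset: unable to reset hardware; hal status 3
"""

# Accept lines with or without mail-quote markers (">>> ath1: ...").
LINE = re.compile(r"^(?:>+\s*)?(ath\d+): (.*)$")
RESET_FAIL = re.compile(r"ath_reset: unable to reset hardware; hal status (\d+)")

def summarize(log_text):
    """Return per-interface counters and whether the last reset attempt failed."""
    stats = defaultdict(lambda: {"timeouts": 0, "resets": 0, "reset_failures": 0,
                                 "hal_status": set(), "wedged": False})
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        iface, msg = m.groups()
        s = stats[iface]
        if msg == "device timeout":
            s["timeouts"] += 1
        elif msg == "hardware error; resetting":
            s["resets"] += 1
            s["wedged"] = False      # new reset attempt; outcome not yet known
        else:
            fail = RESET_FAIL.fullmatch(msg)
            if fail:                 # register dump lines fall through untouched
                s["reset_failures"] += 1
                s["hal_status"].add(int(fail.group(1)))
                s["wedged"] = True
    return dict(stats)

def wedged_interfaces(log_text):
    """Interfaces whose most recent reset attempt logged a failure."""
    return sorted(i for i, s in summarize(log_text).items() if s["wedged"])

if __name__ == "__main__":
    for iface, s in sorted(summarize(SAMPLE_LOG).items()):
        print(iface, s)
    print("reset failed on:", wedged_interfaces(SAMPLE_LOG))
```

Running it against logs captured with the XO powered on and powered off gives per-interface counts that can be compared between the two conditions.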



