Firewall Wizards mailing list archives
Re: client puzzle protocol
From: Tommy Ward <tommy () securify com>
Date: Fri, 18 Feb 2000 14:48:44 -0800
I think several people have already put a lot more engineering analysis into RSA's proposed "solution" than it deserves. It clearly seems like it is based more on marketitecture, which was aimed at grabbing some mind share of the uninformed public than on creating any kind of workable solution to DoS or DDoS threats. I think the following from one of my colleagues in Sydney sums it up best: "Nah, RSA's solution is to DOS the web site for you, so you, the discerning hacker, don't have to." Matt Barrie <matt () infilsec com>
It may prevent spoofing, but I think massive parallel puzzling by large numbers of zombies with genuine unwanted connections will beat this and anything else of the kind.
******************************************************************************* Tommy Ward V.P. Operations, Western Region 650-812-9400 x4120 tommy () securify com Kroll-O'Gara Information Security Group ********************************************************************************
Current thread:
- client puzzle protocol Michael B. Rash (Feb 15)
- Re: client puzzle protocol daN. (Feb 17)
- Re: client puzzle protocol Michael B. Rash (Feb 17)
- Re: client puzzle protocol Paul Cardon (Feb 20)
- Re: client puzzle protocol Michael B. Rash (Feb 19)
- Re: client puzzle protocol Ge' Weijers (Feb 21)
- Re: client puzzle protocol daN. (Feb 24)
- Re: client puzzle protocol Todd Joseph (Feb 20)
- Re: client puzzle protocol daN. (Feb 17)
- Re: client puzzle protocol Shafik Yaghmour (Feb 17)
- <Possible follow-ups>
- Re: client puzzle protocol Antonomasia (Feb 17)
- Re: client puzzle protocol Tommy Ward (Feb 19)
- Re: client puzzle protocol Gregory Stark (Feb 20)
- Re: client puzzle protocol Michael B. Rash (Feb 19)
- Re: client puzzle protocol Antonomasia (Feb 21)