Firewall Wizards mailing list archives

Re: Off topic: Any one know of a good IPV6 reference book?


From: "Marcus J. Ranum" <mjr () ranum com>
Date: Wed, 30 Jul 2003 21:07:48 -0400


If every single packet had an authentic source IP address, then DDoS 
problems would be much easier to manage.

By the way, using cryptographic authentication and/or especially
public key operations in your networking stack offers a *TERRIFIC*
new form of CPU exhaustion DDOS. We haven't seen attackers
using that kind of attack because basically nobody's using IPSEC
("nobody" in terms of overall computing demographics) but the
threat may still exist. Adding cryptography to load-sensitive, memory
space-sensitive, or complexity-sensitive problems is a recipe for making
things WORSE not BETTER!!!

mjr. 
