nanog mailing list archives
Re: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure
From: Patrick W.Gilmore <patrick () ianai net>
Date: Thu, 13 May 2004 14:05:47 -0400
On May 13, 2004, at 1:48 PM, Steven M. Bellovin wrote:
In message <Pine.NEB.4.58.0405122134560.9034 () server duh org>, Todd Vierling writes:On Tue, 11 May 2004, David Krause wrote: : http://www.ietf.org/ietf/IPR/cisco-ipr-draft-ietf-tcpm-tcpsecure.txt The same document that fully ignores that port number randomness will severely limit the risk of susceptibility to such an attack?How many zombies would it take to search the port number space exhaustively?
Irrelevant.The limiting factor here is how many packets can make it to the CPU. Using 10K pps as a nice round (and high) figure, a single machine can do that.
Also, many of the calculations I've seen assume much higher pps when calculating time to reset a session. Has anyone done a test to see what a Juniper M5/10/whatever and a GSR can actually take without dropping packets due to rate limiting and/or falling over from being packeted?
-- TTFN, patrick
Current thread:
- Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure David Krause (May 11)
- Re: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure Tony Li (May 11)
- Re: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure Todd Vierling (May 12)
- Re: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure Peter Galbavy (May 13)
- Re: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure Valdis . Kletnieks (May 13)
- Re: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure Todd Vierling (May 13)
- Re: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure Iljitsch van Beijnum (May 13)
- Re: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure Todd Vierling (May 13)
- Re: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure Henning Brauer (May 13)
- Re: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure Steven M. Bellovin (May 13)
- Re: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure Patrick W . Gilmore (May 13)
- RE: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure Terry Baranski (May 19)
- Re: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure Iljitsch van Beijnum (May 13)