nanog mailing list archives

Re: key change for TCP-MD5


From: Jared Mauch <jared () puck nether net>
Date: Wed, 21 Jun 2006 09:03:55 -0400


On Tue, Jun 20, 2006 at 05:18:20PM -0700, Randy Bush wrote:

The added cost for CPU-bound systems is that they have to try
(potentially) multiple keys before getting the **right** key
but in real life this can be easily mitigated by having a rating
system on the key based on the frequency of success.

This mitigates the effect of authenticating valid packets. However,
this does not appear to help at all in terms of minimizing the DoS
effect of an intentional DoS attack that uses authenticated packets
(with the processing time required to check the keys the intended
damage of the attack).

gstm

        this doesn't help if the vendor can't implement it
correctly and does the md5 calc before checking the ttl :(

        - jared

-- 
Jared Mauch  | pgp key available via finger from jared () puck nether net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
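The ordering point raised above, as an added example that is not code from the thread or from any router vendor: a toy TCP-MD5 receive path with several candidate keys and the success-rated key order Randy describes, run once with the GTSM TTL check before the hash and once with the hash before the TTL check. Addresses, keys, the 20-byte header and the forged digest are constructed for the example, and the RFC 2385 digest is simplified (TCP options and checksum handling are omitted).

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

TCP_PROTO = 6
GTSM_TTL = 255  # GTSM (RFC 5082): a directly connected peer must arrive with TTL 255


@dataclass
class Segment:
    src: str           # source address, dotted quad (constructed values below)
    dst: str           # destination address
    ttl: int           # IP TTL observed on arrival
    tcp_hdr: bytes     # TCP header bytes with the checksum field zeroed (simplified)
    payload: bytes
    md5_digest: bytes  # 16-byte value carried in the TCP MD5 signature option


def ip4(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def tcp_md5_digest(src, dst, tcp_hdr, payload, key):
    """Simplified RFC 2385 digest: pseudo-header, TCP header, data, then key."""
    pseudo = ip4(src) + ip4(dst) + struct.pack("!BBH", 0, TCP_PROTO, len(tcp_hdr) + len(payload))
    return hashlib.md5(pseudo + tcp_hdr + payload + key).digest()


def sign(src, dst, ttl, tcp_hdr, payload, key):
    return Segment(src, dst, ttl, tcp_hdr, payload, tcp_md5_digest(src, dst, tcp_hdr, payload, key))


class Receiver:
    """Receive path with several candidate keys and a success-rated key order."""

    def __init__(self, keys, ttl_first):
        self.keys = list(keys)
        self.score = {k: 0 for k in keys}   # rating: successful authentications per key
        self.ttl_first = ttl_first           # the check ordering under discussion
        self.md5_ops = 0                     # cost counter: MD5 computations performed

    def _ttl_ok(self, seg):
        return seg.ttl == GTSM_TTL

    def _md5_ok(self, seg):
        # Most-successful key is tried first, so a steady peer costs one MD5 per segment.
        for key in sorted(self.keys, key=lambda k: -self.score[k]):
            self.md5_ops += 1
            digest = tcp_md5_digest(seg.src, seg.dst, seg.tcp_hdr, seg.payload, key)
            if hmac.compare_digest(digest, seg.md5_digest):
                self.score[key] += 1
                return True
        return False

    def receive(self, seg):
        checks = [("ttl", self._ttl_ok), ("md5", self._md5_ok)]
        if not self.ttl_first:
            checks.reverse()   # the broken ordering: hash first, look at TTL afterwards
        for name, check in checks:
            if not check(seg):
                return "drop:" + name
        return "accept"


def simulate(n_spoofed=100):
    """Feed both orderings two valid segments and n_spoofed forged ones.

    Returns the MD5 work each ordering performed. Keys, addresses, the header
    and the forged digest are constructed for this example.
    """
    keys = [b"old-key", b"new-key"]
    good = Receiver(keys, ttl_first=True)
    bad = Receiver(keys, ttl_first=False)
    hdr = struct.pack("!HHIIBBHHH", 179, 40000, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    peer = sign("192.0.2.1", "192.0.2.2", GTSM_TTL, hdr, b"keepalive", b"new-key")
    # Forged segment: arrives with TTL 200 (not directly connected) and a bogus digest.
    forged = Segment("198.51.100.9", "192.0.2.2", 200, hdr, b"junk", bytes(16))
    results = {}
    for name, rx in (("ttl_first", good), ("md5_first", bad)):
        accepted = [rx.receive(peer) for _ in range(2)]
        dropped = [rx.receive(forged) for _ in range(n_spoofed)]
        results[name] = {
            "md5_ops": rx.md5_ops,
            "accepted": accepted.count("accept"),
            "drop_reason": dropped[0] if dropped else None,
        }
    return results


if __name__ == "__main__":
    print(simulate())
```

With the TTL check first, the forged flood costs no hash work at all, however many keys are configured; with the hash first, every forged segment costs one MD5 per configured key before the TTL is even looked at, and the key rating does nothing for it because no key ever matches. That is the difference between the rating scheme helping and the vendor's check ordering making it irrelevant.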

