Firewall Wizards mailing list archives
Re: client puzzle protocol
From: "Gregory Stark" <greg () securityguides com>
Date: Fri, 18 Feb 2000 13:20:05 -0500
----- Original Message ----- From: "Antonomasia" <ant () notatla demon co uk>
It may prevent spoofing, but I think massive parallel puzzling by large numbers of zombies with genuine unwanted connections will beat this and anything else of the kind.
The RSA paper does in fact handle this. Similar ideas have been mentioned on the IPsec mailing list. The basic idea is to make the client save the state info that the server normally would save. Part of solving the "puzzle" would be to hand back to the server the state blob he originally handed you. In a simplified version of the puzzle, the server computes y = f(x) where f() is a cryptographically one-way hash function like SHA1 or MD2/4/5. The client must invert the function and recover x to solve the puzzle. The server gives the client a "hint", telling it all but k bits of x. The client then tries all the remaining possibilities for the unspecified k bits until it finds the correct x. If the server also gives the client an encrypted form (with 3des and key x for example) of its TCP state (struct TCPState {Window w1; unsigned long seqnum; Whatever w2}) then the server can deallocate the memory for this state. If a client completes a puzzle correctly and returns the TCPState then server can allocate the memory and keep it. The real protocol would use time stamps, digital signatures / MACs, and secret keys known only to the server to make it secure, but these are the basics. If you actually flesh it out, the server doesn't need to store anything, not even the outstanding (x,y) pairs. See the RSA paper for the actual details. When a client tries to open a TCP connection the server hands him a puzzle (via UDP so we do not care if they get it, they'll just have to ask again if they don't). The client must solve the puzzle and send it back to the server (via UDP so if the client becomes impatient it can send it again). If the server receives a correctly completed puzzle, suitably fresh, it reallocates the state and completes the TCP connection with the client. The server must be able to cheaply discard bogus solutions so we cannot use public key cryptography. Please explain where/why the server must retain state information which makes it susceptible to DoS? Greg Stark securityguides llc Information Security Consultants greg () securityguides com www.securityguides.com (410) 381-9410 (Work)
Current thread:
- Re: client puzzle protocol, (continued)
- Re: client puzzle protocol daN. (Feb 17)
- Re: client puzzle protocol Michael B. Rash (Feb 17)
- Re: client puzzle protocol Paul Cardon (Feb 20)
- Re: client puzzle protocol Michael B. Rash (Feb 19)
- Re: client puzzle protocol Ge' Weijers (Feb 21)
- Re: client puzzle protocol daN. (Feb 24)
- Re: client puzzle protocol Todd Joseph (Feb 20)
- Re: client puzzle protocol daN. (Feb 17)
- Re: client puzzle protocol Shafik Yaghmour (Feb 17)
- Re: client puzzle protocol Antonomasia (Feb 17)
- Re: client puzzle protocol Tommy Ward (Feb 19)
- Re: client puzzle protocol Gregory Stark (Feb 20)
- Re: client puzzle protocol Michael B. Rash (Feb 19)
- Re: client puzzle protocol Antonomasia (Feb 21)