Firewall Wizards mailing list archives
Re: client puzzle protocol
From: Antonomasia <ant () notatla demon co uk>
Date: Mon, 21 Feb 2000 00:09:20 GMT
From: "Gregory Stark" <greg () securityguides com>
From: "Antonomasia" <ant () notatla demon co uk>
> It may prevent spoofing, but I think massive parallel puzzling by large
> numbers of zombies with genuine unwanted connections will beat this and
> anything else of the kind.
The RSA paper does in fact handle this. Similar ideas have been mentioned on the IPsec mailing list.
The basic idea is to make the client save the state info that the server normally would save. ....
Please explain where/why the server must retain state information which makes it susceptible to DoS?
That wasn't what I said. Had you quoted me more fully you'd have noticed that I mentioned how a client can be made to keep the state. My point in the above paragraph is that the compute burden is placed on the zombie machines, which can be recruited in their thousands, with the result that many connections do get opened and do (after opening) use resources. That the machines connecting (and solving the puzzles) are the many zombies and not the attacker means that the cost is not borne by the attacker. This means a puzzle scheme that is fine for direct DoS is poor against DDoS. I speculate that this remains true regardless of the nature of the puzzle.

--
##############################################################
# Antonomasia   ant () notatla demon co uk                   #
# See http://www.notatla.demon.co.uk/                        #
##############################################################
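An added example, not part of the original message and not the construction from the RSA paper: a generic hash-based client puzzle in which the server keeps no per-connection state, showing that each solver pays only its own bounded cost, so the number of admitted connections grows with the number of distinct solvers. The key, difficulty, function names and client ids are constructed assumptions.

```python
import hashlib, hmac, os, struct

SERVER_KEY = os.urandom(32)   # constructed secret: the only server-side state
DIFFICULTY = 12               # required leading zero bits (assumed parameter)

def issue(client_id: bytes, now: int):
    """Server: hand out a challenge and store nothing; the MAC binds id and time."""
    ts = struct.pack(">Q", now)
    tag = hmac.new(SERVER_KEY, client_id + ts, hashlib.sha256).digest()
    return ts, tag

def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(ts: bytes, tag: bytes):
    """Client: brute-force a nonce; returns (nonce, hashes_spent)."""
    nonce = 0
    while True:
        d = hashlib.sha256(tag + struct.pack(">Q", nonce)).digest()
        if leading_zero_bits(d) >= DIFFICULTY:
            return nonce, nonce + 1
        nonce += 1

def verify(client_id, ts, tag, nonce, now, max_age=30) -> bool:
    """Server: recompute the MAC from the echoed state, then check one hash."""
    expected = hmac.new(SERVER_KEY, client_id + ts, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False                      # challenge was not issued by us
    age = now - struct.unpack(">Q", ts)[0]
    if not 0 <= age <= max_age:
        return False                      # stale or future-dated challenge
    d = hashlib.sha256(tag + struct.pack(">Q", nonce)).digest()
    return leading_zero_bits(d) >= DIFFICULTY

def admitted(n_clients: int, now: int = 1000):
    """Every distinct client solves its own puzzle; count how many get in."""
    ok, work = 0, []
    for i in range(n_clients):
        cid = b"client-%d" % i            # constructed client identifiers
        ts, tag = issue(cid, now)
        nonce, spent = solve(ts, tag)
        ok += verify(cid, ts, tag, nonce, now + 1)
        work.append(spent)
    return ok, max(work), sum(work)       # admitted, worst per-client cost, total

if __name__ == "__main__":
    print(admitted(20))
```

The puzzle caps what one solver can open per unit of its own CPU time, not how many solvers there are, so a server still needs limits on resources held after admission. This sketch also accepts a replayed solution inside `max_age`; rejecting replays needs some additional bounded state.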