Firewall Wizards mailing list archives

Re: client puzzle protocol


From: "daN." <dan () nesmail com>
Date: Wed, 23 Feb 2000 14:28:50 -0800


The client-puzzle protocol does not seem such a great idea to me. A
_distributed_ DOS attack will have lots of CPU power to do the
puzzles.

Ge'
Some mathematical problems do not lean well towards parallel solving. It is true, however, that you could get dozens of machines each opening and solving their own puzzles. I mean, the puzzles couldn't be THAT hard to solve, because modern web browsers open up to 30 connections when connecting to a page and you would not want to hinder that. The reason that this is still a better solution than none, though, isn't in the puzzle technique, but rather, for the same reason that SYN cookies are good, that it forces the attacking machine to use a legitimate return address if it wants a connection state to be established. This makes it WAY easier to track attacks to the source without involving law enforcement agencies/dozens of ISPs.

It's all really a waste, though; it will be nice to see IPv6 and IPsec implemented. There may be some issues, but all in all it's much better than the current state. I just sometimes question whether it will ever be implemented, due to hardware costs.

mutated / aka daN.
ph33r my l@me newBi3 sKillz
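As an added illustration of the mechanism discussed in this thread (example code written for this archive page, not code from the poster or from any real client-puzzle implementation): a hash-based puzzle whose nonce is a MAC over the client's source address, so a solution is only accepted from the address it was issued to, while the server's verification cost stays at one MAC and one hash whatever the difficulty. The function names, puzzle format and the use of leading zero bits as the hardness measure are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed example; issue_puzzle/solve_puzzle/verify_solution are hypothetical names.


def _nonce(secret: bytes, client_addr: str, salt: str) -> str:
    """Nonce is a MAC over the client's source address: the server keeps no
    per-client state, and a solution verifies only for the address it was issued to."""
    return hmac.new(secret, f"{client_addr}|{salt}".encode(), "sha256").hexdigest()


def leading_zero_bits(digest: bytes) -> int:
    """Count leading zero bits of a digest (the puzzle's hardness measure)."""
    bits = 0
    for b in digest:
        if b:
            return bits + 8 - b.bit_length()
        bits += 8
    return bits


def issue_puzzle(secret: bytes, client_addr: str, difficulty: int,
                 salt: Optional[str] = None) -> dict:
    """Server: hand the client a nonce plus the required number of leading zero bits."""
    salt = salt or secrets.token_hex(8)
    return {"nonce": _nonce(secret, client_addr, salt), "salt": salt, "difficulty": difficulty}


def solve_puzzle(nonce: str, difficulty: int) -> int:
    """Client: brute-force a counter; expected work grows as 2**difficulty."""
    counter = 0
    while leading_zero_bits(hashlib.sha256(f"{nonce}:{counter}".encode()).digest()) < difficulty:
        counter += 1
    return counter


def verify_solution(secret: bytes, client_addr: str, salt: str, counter: int, required: int) -> bool:
    """Server: one MAC and one hash regardless of puzzle hardness. `required` comes
    from server policy (raise it under load), never from the client's message."""
    digest = hashlib.sha256(f"{_nonce(secret, client_addr, salt)}:{counter}".encode()).digest()
    return leading_zero_bits(digest) >= required


if __name__ == "__main__":
    secret = secrets.token_bytes(32)
    puzzle = issue_puzzle(secret, "192.0.2.10", 16)
    answer = solve_puzzle(puzzle["nonce"], puzzle["difficulty"])
    print(verify_solution(secret, "192.0.2.10", puzzle["salt"], answer, 16))    # True
    print(verify_solution(secret, "198.51.100.7", puzzle["salt"], answer, 16))  # False: other source
```

Because the nonce is bound to the source address, a host that spoofs its address never receives the puzzle it would need to solve, which is the SYN-cookie-like property the post describes.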


