[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: resistance to swamping attacks.
touch@ISI.EDU wrote:
> a) All resources are FIRST allocated to existing
> connections.
>
> b) Remaining resources are allocated 'fairly' on
> a per-connection-attempt basis.
>
> c) Connections not fully established have a finite
> resource limit, BOTH individually and as an
> aggregate class.
>
> I think these are necessary and sufficient.
Right. I fully agree. Now it would be interesting, how you can modfiy the
protocol used for connection attempts to make life for swamping attacks
*much* harder. The cookie approach certainly does this. The idea [expense
for the sender, cheap verification for the receiver] is interesting, but
fails if precomputing can happen on the sending side. Others?
Germano
References: