
resistance to swamping attacks.



Ref:  Your note of Fri, 27 Sep 1996 11:13:48 +0200 (MET DST) (attached)

 >                The cookie approach certainly does this. The idea [expense
 > for the sender, cheap verification for the receiver] is interesting, but
 > fails if precomputing can happen on the sending side. Others?
 >
 > Germano

To avoid the benefits of pre-computing you need to have some kind of
"fresh challenge" sent from receiver to sender. This requires an additional
round-trip (like Karn's cookies do).
If one does not add the round trip, one can still make the life of the
sender somewhat harder by mixing into the "hard" problem to be solved (by
the sender) both the receiver's IP address and the time of the connection.
Precomputation is then possible but the product of that computation must
be used with a particular host and within a time limit.

Hugo
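
The no-round-trip variant described in the message above, as an added example that is not part of the original post: the sender must find a nonce whose hash, mixed with the receiver's IP address and a timestamp, falls below a target, and the receiver checks it with one hash plus a freshness test. The choice of SHA-256, the leading-zero-bits puzzle, the 12-bit difficulty, the 60-second window and all function names are assumptions made for illustration.

```python
import hashlib
import struct

DIFFICULTY_BITS = 12      # assumed work factor; kept small so the demo runs fast
MAX_AGE_SECONDS = 60      # assumed acceptance window on the receiver


def _digest(receiver_ip: str, timestamp: int, nonce: int) -> int:
    # The receiver's address and the connection time are both hashed in,
    # so a solution is only valid for that host and that moment.
    data = receiver_ip.encode() + struct.pack(">QQ", timestamp, nonce)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def _meets_target(value: int, bits: int) -> bool:
    return value >> (256 - bits) == 0   # top `bits` bits must be zero


def solve(receiver_ip: str, timestamp: int, bits: int = DIFFICULTY_BITS) -> int:
    """Sender side: brute-force a nonce (about 2**bits hashes on average)."""
    nonce = 0
    while not _meets_target(_digest(receiver_ip, timestamp, nonce), bits):
        nonce += 1
    return nonce


def verify(my_ip: str, now: int, timestamp: int, nonce: int,
           bits: int = DIFFICULTY_BITS) -> bool:
    """Receiver side: a freshness check and a single hash."""
    if not (0 <= now - timestamp <= MAX_AGE_SECONDS):
        return False      # precomputed too long ago, or future-dated
    return _meets_target(_digest(my_ip, timestamp, nonce), bits)


if __name__ == "__main__":
    t0 = 843815628        # constructed sample timestamp
    n = solve("192.0.2.10", t0)                    # constructed sample address
    print(verify("192.0.2.10", t0 + 5, t0, n))     # intended host, inside window
    print(verify("192.0.2.10", t0 + 600, t0, n))   # same solution reused too late
    print(verify("192.0.2.20", t0 + 5, t0, n))     # same solution sent elsewhere
```

The receiver keeps no per-sender state here, so a solution can still be replayed against the same host inside the window; closing that gap takes the fresh challenge and its extra round trip.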

