
Re: resistance to swamping attacks.



HUGO@watson.ibm.com wrote:
> If one does not add the round trip, one can still make the life of the
> sender somewhat harder by mixing into the "hard" problem to be solved (by
> the sender) both the receiver's IP address and the time of the connection.
> Precomputation is then possible but the product of that computation must
> be used with a particular host and within a time limit.

Time does pose a problem here. As I was educated on the list ;-) we cannot
assume even loosely synchronized systems, thus if A wants to connect to B,
B has to tell A its internal time (or sequence number, or whatever) first,
resulting in the round trip...

Germano
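The scheme the two posts above are circling around, as an added example that is not part of the original thread and not code from either poster: B (the receiver) hands A a challenge derived from B's own address and B's own clock, A must find a hash preimage bound to that challenge and to B's address, and B verifies without keeping per-sender state. A never needs a synchronized clock; it just echoes B's challenge, which is the extra round trip Germano mentions. The difficulty, the validity window, the addresses and all function names are assumptions made for illustration.

```python
"""Client puzzle bound to the receiver's address and to a receiver-issued,
time-limited challenge.  Added example; not code from the thread's authors.
Names, difficulty and validity window are assumptions made for illustration."""
import hashlib
import hmac
import ipaddress
import os
import struct
import time

DIFFICULTY_BITS = 16    # assumed: leading zero bits the sender must produce
WINDOW_SECONDS = 30     # assumed: how long a challenge from B stays valid


def puzzle_hash(ip_bytes, challenge, solution):
    """Hash the candidate solution together with B's address and B's
    challenge, so the work is useless for any other host or time window."""
    return hashlib.sha256(ip_bytes + challenge
                          + struct.pack(">Q", solution)).digest()


def leading_zero_bits(digest):
    n = int.from_bytes(digest, "big")
    return len(digest) * 8 - n.bit_length()


def solve(receiver_ip, challenge, bits=DIFFICULTY_BITS):
    """A's side: brute-force a solution.  Expected cost is about 2**bits
    hashes, and none of it can be done before B's challenge is known."""
    ip_bytes = ipaddress.ip_address(receiver_ip).packed
    solution = 0
    while leading_zero_bits(puzzle_hash(ip_bytes, challenge, solution)) < bits:
        solution += 1
    return solution


class Receiver:
    """B's side.  B stores no per-sender state: the challenge is an HMAC over
    B's own address and B's own clock window, so B recomputes it at verify
    time.  A only echoes the challenge bytes back, so A's clock is irrelevant."""

    def __init__(self, ip, secret=None, clock=time.time):
        self.ip = ipaddress.ip_address(ip).packed
        self.secret = secret if secret is not None else os.urandom(32)
        self.clock = clock          # injectable so expiry can be tested

    def _challenge_for(self, window):
        msg = self.ip + struct.pack(">Q", window)
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:16]

    def _window(self):
        return int(self.clock()) // WINDOW_SECONDS

    def challenge(self):
        """First message, B -> A."""
        return self._challenge_for(self._window())

    def verify(self, challenge, solution, bits=DIFFICULTY_BITS):
        """Second message, A -> B: (challenge, solution).  Accept only if the
        challenge is one B issued in the current or previous window and the
        solution meets the difficulty for B's own address."""
        now = self._window()
        issued = any(hmac.compare_digest(challenge, self._challenge_for(w))
                     for w in (now, now - 1))
        if not issued:
            return False
        return leading_zero_bits(puzzle_hash(self.ip, challenge, solution)) >= bits


if __name__ == "__main__":
    b = Receiver("192.0.2.1")
    c = b.challenge()
    s = solve("192.0.2.1", c)
    print("solution", s, "accepted by B:", b.verify(c, s))
    # The same work is worthless against another receiver.
    print("accepted by another host:",
          Receiver("192.0.2.2", secret=b.secret).verify(c, s))
```

Because the challenge is keyed with a secret only B knows, A cannot precompute solutions before the exchange starts, and because B's address is hashed in, a solution computed for one host does not transfer to another; the previous-window check just keeps a solution that straddles a window boundary from being rejected.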

To: Rob Adams <adams@cisco.com>
Cc: ipsec@TIS.COM
Subject: Re: Comments on ESP and AH IPSEC drafts. 
In-Reply-To: Your message of "Thu, 26 Sep 1996 14:44:01."
             <19960926144401adams@161.44.128.127> 
Reply-To: perry@piermont.com
X-Reposting-Policy: redistribute only with permission
Date: Fri, 27 Sep 1996 10:04:59 -0400
From: "Perry E. Metzger" <perry@piermont.com>
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk
Message-ID:  <9609271227.aa20204@neptune.TIS.COM>


Rob Adams writes:
> I think including an IV in the packet should constitute a separate 
> transform with a unique IANA designation.   Optional fields slow 
> performance and in this case, the keying material and caching information 
> are different even though most of the actual operation is substantially 
> the same.

Without an IV, what you are running is the ECB mode of these
algorithms which is highly insecure. I do not think that should be
encouraged.

> I don't see the purpose of negotiated window sizes unless there is some 
> vulnerability in accepting out of order packets.

Serious denial of service attacks result if you are forced to keep an
infinite window.

Perry
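The bounded anti-replay window behind Perry's second point, as an added example that is not code from the thread or from any IPsec implementation: the receiver keeps one integer of `size` bits plus the highest sequence number accepted, so its replay state cannot grow no matter what sequence numbers arrive, whereas remembering every sequence number ever seen (an unbounded window) lets a sender grow the receiver's memory without limit. The default size of 64, the class and method names, and the sample sequence are assumptions; in a real implementation the window is updated only after the packet has authenticated.

```python
"""Fixed-size anti-replay window of the kind the thread discusses.  Added
example; not code from the thread or from any IPsec implementation.  The
default size and all names are assumptions made for illustration."""


class ReplayWindow:
    """Records which of the last `size` sequence numbers have been seen.
    State is one `size`-bit integer plus the highest accepted sequence
    number, so memory is constant regardless of how many packets arrive."""

    def __init__(self, size=64):
        if size < 1:
            raise ValueError("window size must be positive")
        self.size = size
        self.last = 0      # highest sequence number accepted so far
        self.bitmap = 0    # bit i set  <=>  sequence number (last - i) seen

    def check_and_update(self, seq):
        """Return True and record `seq` if it is fresh; False for a replay,
        for a packet older than the window, or for the invalid value 0."""
        if seq <= 0:
            return False
        if seq > self.last:
            # Newer than anything accepted: slide the window forward, dropping
            # the bits that fall off the old end.
            shift = seq - self.last
            if shift >= self.size:
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.last = seq
            return True
        diff = self.last - seq
        if diff >= self.size:
            return False   # older than the window: cannot be told from a replay
        if self.bitmap & (1 << diff):
            return False   # already seen inside the window: replay
        self.bitmap |= 1 << diff
        return True

    def state_bits(self):
        """Bits of replay state actually held; never exceeds `size`."""
        return self.bitmap.bit_length()


if __name__ == "__main__":
    w = ReplayWindow(64)
    # Constructed sample sequence: out-of-order delivery, one replay, a jump
    # far ahead, one packet that fell out of the window.
    for seq in (1, 3, 2, 2, 100, 50, 36, 37, 50):
        print(seq, "accepted" if w.check_and_update(seq) else "dropped")
    print("state bits held:", w.state_bits())
```

A negotiated window size is just the `size` argument here: a larger window tolerates more reordering at the cost of more bits per security association, and the receiver's cost is fixed at negotiation time rather than dictated by whoever is sending.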



Message-Id: <199609271558.LAA10511@devildog.cis.upenn.edu>
To: rgm3@chrysler.com
Cc: Germano Caronni <caronni@tik.ee.ethz.ch>, skip-info@skip.org, 
    Project SKIP <skip@tik.ee.ethz.ch>, 
    Bernhard Plattner <plattner@tik.ee.ethz.ch>, ipsec@TIS.COM
Subject: Re: The skip-info mailing list 
In-Reply-To: Your message of "Tue, 24 Sep 1996 10:45:13 EDT."
             <3.0b19.32.19960924103441.00aa8900@pop3hub.is.chrysler.com> 
Date: Fri, 27 Sep 1996 11:58:23 EDT
From: "Angelos D. Keromytis" <angelos@devildog.cis.upenn.edu>
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----


In message <3.0b19.32.19960924103441.00aa8900@pop3hub.is.chrysler.com>, Robert 
Moskowitz writes:
>OMG, what they let into .ORG these days  ;)
>
>Is there really a registered (someplace on this planet) SKIP organization?
>Fascinating.
>
FYI, there's a detergent brand named SKIP in Greece. I'm unaware of
any relation between them and Sun Microsystems.
- -Angelos

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQCVAwUBMkv5mL0pBjh2h1kFAQHdhgP/emuNfrCRC7NmN62Cw9DSKD6E+yzyJTv1
+xTOOnJjfhA3eIsf0sNzWAj5S/3gIXZ0oD68zrI6op/6T7zxYGZh7bs3kHYH5M7P
qfGSCnedo4EZ1R/oyHsYG0e14GtxDQZS+2A8y/lIgohY0OPdb/zIMbi4uRyKvhVr
4WMRMjd/o4c=
=WsGN
-----END PGP SIGNATURE-----



