[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Future ISAKMP Denial of Service Vulnerablity Needs Addressing
On Thu, Feb 17, 2000 at 01:51:24PM -0500, Dave Perks wrote:
> Paul Koning wrote:
> > I have a concern about this notion of using puzzles as a way of
> > addressing the DoS problem.
> For that matter, the recent much-publicized distributed DoS attacks on
> e-commerce servers point out that a similar attack on an IPsec server
> would have no problem overcoming a puzzle-based defence. The multitude
> of "zombie" attackers collectively has much more CPU power than any
> attacked system.
Actually, that reflects one of my worst nightmares. Have one
of these kiddies marry a "cookie-crumbs" option into something like
TFN2K and then take out some major coporation's VPN by doing in its
ability to rekey.
> --
> The opinions expressed in this message are my personal
> opinion and in no way reflect the views of my employer.
> Søren Kierkegaard says
> "Life can only be understood backwards; but it must be lived forwards."
--
Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
References: