Re: IPSEC Security Gateways & NAT

[Bill Sommerfeld <sommerfeld@East.Sun.COM>]

Stateless cookies provide a complete defense against a limited class
of attacks which are very easy to mount: namely, packet-flooding
programs which merely spew correctly-formatted requests onto the
network, possibly with forged source addresses.

Stateless cookies are a first line of defense; they're not a
substitute for the careful resource management needed to protect
against more sophisticated denial-of-service attacks.  That said, in
the presence of a packet flood, stateless cookies make the chance that
a legitimate user will be dropped significantly less.

> A random nonce can be computed much more quickly than
> a hash.

If the protocol allowed for stateless cookies, implementors could
choose to implement stateful cookies if they felt it made more sense
to tie up large amounts of memory instead of small amounts of cpu.

In most cases, folks are using hash-based random number generators and
have enough cpu that they're comfortable using the same hash function
for protecting AH & ESP traffic.  

Also, someone pointed out to me that there's no particular need to add
a round-trip for stateless cookies; you merely need to make sure that
message 3 contains everything in message 1 plus the cookie from
message 2..

					- Bill

---

References:

• Re: IPSEC Security Gateways & NAT
• From: "Hilarie Orman" <HORMAN@volera.com>

---

• Prev by Date: Re: I-D ACTION:draft-shacham-ippcp-rfc2393bis-07.txt
• Next by Date: Re: [Fwd: Re: P1363: prudent fields]
• Prev by thread: Re: IPSEC Security Gateways & NAT
• Next by thread: RE: IPSEC Security Gateways & NAT
• Index(es):
  • Main
  • Thread