Re: [fw-wiz] Off topic: Any one know of a good IPV6 reference book?
From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 07/31/03
- Previous message: Bill Royds: "Re: [fw-wiz] HTML Emails and Firewall Security"
- Maybe in reply to: Joseph S D Yao: "Re: [fw-wiz] Off topic: Any one know of a good IPV6 reference book?"
- Next in thread: Christopher Hicks: "Re: [fw-wiz] Off topic: Any one know of a good IPV6 reference book?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Paul Robertson <proberts@patriot.net>, Crispin Cowan <crispin@immunix.com> Date: Wed, 30 Jul 2003 21:07:48 -0400
>> If every single packet had an authentic source IP address, then DDoS
>> problems would be much easier to manage.
By the way, using cryptographic authentication and/or especially
public key operations in your networking stack offers a *TERRIFIC*
new form of CPU exhaustion DDOS. We haven't seen attackers
using that kind of attack because basically nobody's using IPSEC
("nobody" in terms of overall computing demographics) but the
threat may still exist. Adding cryptography to load-sensitive, memory
space-sensitive, or complexity-sensitive problems is a recipe for making
things WORSE not BETTER!!!
mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Bill Royds: "Re: [fw-wiz] HTML Emails and Firewall Security"
- Maybe in reply to: Joseph S D Yao: "Re: [fw-wiz] Off topic: Any one know of a good IPV6 reference book?"
- Next in thread: Christopher Hicks: "Re: [fw-wiz] Off topic: Any one know of a good IPV6 reference book?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
