Re: [fw-wiz] Off topic: Any one know of a good IPV6 reference book?
From: Marcus J. Ranum (mjr_at_ranum.com)
To: Paul Robertson <firstname.lastname@example.org>, Crispin Cowan <email@example.com> Date: Wed, 30 Jul 2003 21:07:48 -0400
>> If every single packet had an authentic source IP address, then DDoS
>> problems would be much easier to manage.
By the way, using cryptographic authentication and/or especially
public key operations in your networking stack offers a *TERRIFIC*
new form of CPU exhaustion DDOS. We haven't seen attackers
using that kind of attack because basically nobody's using IPSEC
("nobody" in terms of overall computing demographics) but the
threat may still exist. Adding cryptography to load-sensitive, memory
space-sensitive, or complexity-sensitive problems is a recipe for making
things WORSE not BETTER!!!
firewall-wizards mailing list