[37236] in cryptography@c2.net mail archive
Re: Hamiltonian path as protection against DOS.
daemon@ATHENA.MIT.EDU (alan)
Sun Aug 20 20:37:12 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Wed, 16 Aug 2006 11:24:21 -0700 (PDT)
From: alan <alan@clueserver.org>
To: Bill Stewart <bill.stewart@pobox.com>
Cc: "James A. Donald" <jamesd@echeque.com>,
mikeiscool <michaelslists@gmail.com>, cryptography@metzdowd.com
In-Reply-To: <6.2.1.2.0.20060815101505.034b6088@pop.idiom.com>
On Tue, 15 Aug 2006, Bill Stewart wrote:
> Crypto is usually about economics and scalability.
>
> If you're doing this for DOS/DDOS prevention,
> you don't need the NP-completeness perfection you get from
> Hamiltonian paths or similar problems - SHA is fine,
> or any other hash that's quick to verify and
> hard to reverse. Even MD5 is probably still ok...
> Calculating any of the hashes probably takes less time than
> handling the packets does.
>
> It's almost certainly better for you if they harass you by
> sending you bogus SHA pieces that you can process quickly
> than bogus DH pieces that take you a while,
> and if it's not too distributed an attack,
> you can also blacklist senders IP addresses.
But if the packets are forged, wouldn't that turn it into a different kind
of DOS?
If I can get you to blacklist Alice by sending n forged attack packages,
then my DOS succeeded, if my goal is to deny a connection between you and
Alice.
--
"I want to live just long enough to see them cut off Darl's head and
stick it on a pike as a reminder to the next ten generations that some
things come at too high a price. I would look up into his beady eyes and
wave, like this... (*wave*!). Can your associates arrange that for me,
Mr. McBride?"
- Vir "Flounder" Kotto, Sr. VP, IBM Empire.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
