[9187] in cryptography@c2.net mail archive
Re: Stealth Computing Abuses TCP Checksums
daemon@ATHENA.MIT.EDU (Dan Geer)
Sat Sep 1 11:20:38 2001
Message-Id: <200109010538.BAA26680@world.std.com>
To: Bill Stewart <bill.stewart@pobox.com>
Cc: cypherpunks@lne.com, cryptography@wasabisystems.com
In-reply-to: Your message of "Wed, 29 Aug 2001 23:25:01 EDT."
<5.0.2.1.1.20010829231620.02fa57a0@idiom.com>
Date: Sat, 01 Sep 2001 01:38:39 -0400
From: Dan Geer <geer@world.std.com>
. "Below, we present an implementation of a parasitic computer
. using the checksum function. In order for this to occur,
. one needs to design a special message that coerces a target server
. into performing the desired computation."
This is the same principle that underlies denial of service
attacks -- the irreducible residual vulnerability of a system
to denial of service is proportional to the amount of work (or
time) that system must do (or consume) before it can conclude
its initial authorization decision. Ironically, the more
precise and complex that authorization decision process, the
greater the amount of work that the active (initiating) side of
the connection can call on the passive side to perform. This
critically bears on protocol and application security design.
--dan
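An added illustration of the principle in the message above (not part of Dan Geer's post or of the paper he quotes): a responder that counts how much expensive work unauthenticated initiators can make it perform, with and without a cheap check in front of the authorization decision. PBKDF2 stands in for a costly authorization step, the stateless HMAC cookie gate is an assumed mitigation, and every name, address and secret is constructed.

```python
import hashlib
import hmac
import os

SERVER_KEY = os.urandom(32)      # constructed secret used only by the cheap gate
SALT, ROUNDS = b"constructed-salt", 20_000
STORED = hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, ROUNDS)


class Responder:
    """Passive side of a connection; counts the work each request triggers."""

    def __init__(self, cookie_gate):
        self.cookie_gate = cookie_gate
        self.cheap_ops = 0       # single-HMAC checks performed
        self.expensive_ops = 0   # slow authorization decisions performed

    def issue_cookie(self, client_addr):
        # Stateless: the cookie is recomputed on demand, nothing is stored per client.
        return hmac.new(SERVER_KEY, client_addr.encode(), hashlib.sha256).digest()

    def handle(self, client_addr, cookie, password):
        if self.cookie_gate:
            self.cheap_ops += 1
            if not hmac.compare_digest(cookie, self.issue_cookie(client_addr)):
                return False     # rejected before any expensive work is done
        self.expensive_ops += 1  # the initiator has now bought one slow operation
        derived = hashlib.pbkdf2_hmac("sha256", password, SALT, ROUNDS)
        return hmac.compare_digest(derived, STORED)


def run(cookie_gate, junk_requests=20):
    """Send constructed junk plus one legitimate request; return (ok, expensive, cheap)."""
    r = Responder(cookie_gate)
    for i in range(junk_requests):
        # Initiators that never completed a round trip, so they hold no valid cookie.
        r.handle(f"198.51.100.{i}", b"\x00" * 32, b"guess")
    addr = "192.0.2.7"           # legitimate client that first obtained its cookie
    ok = r.handle(addr, r.issue_cookie(addr), b"correct horse")
    return ok, r.expensive_ops, r.cheap_ops


if __name__ == "__main__":
    print("no gate  :", run(False))
    print("with gate:", run(True))
```

The cookie only shows that the initiator can receive traffic at the address it claims; it bounds the pre-authorization work per junk request to one HMAC and does not replace the authorization decision itself.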