North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: TCP RST attack (the cause of all that MD5-o-rama)
On 20-apr-04, at 23:45, vijay gill wrote:
So all we have to do is apply strong crypto a bit smarter, such that we only burn CPU cycles for good packets rather than for all packets.the correct workaround is the http://www.ietf.org/internet-drafts/draft-ietf-tcpm-tcpsecure-00.txt draft. MD5 is also the correct workaround. However, neither of the two protect against what is the most vulnerable thing in the internet infrastructure today - a large amount of PPS at the _router_ (with or without md5 or tcpsecure) will blow it out of the water.