An authentication question

Jack Lloyd lloyd at acm.jhu.edu
Mon Aug 5 17:34:12 EDT 2002


On Mon, 5 Aug 2002, Adam Fields wrote:

> On Mon, Aug 05, 2002 at 04:44:28PM -0400, Jack Lloyd wrote:
> > In the second version, any random user (or script) could upload very large
> > files, wasting your bandwidth, and also CPU time when you check the sig. Or
> > lots and lots of really small files, which would swamp your CPU(s) trying
> > to check 500 sigs a second (makes for a good DDOS).
>
> Hmmm... wouldn't this make for a >less< effective DDOS attack?
> Ostensibly, the purpose of a DOS attack is twofold - to block access
> to a service, but also to cost money. CPU time is cheaper than
> bandwidth in most cases, and hosing the CPU would actually cause the
> machine to stop responding with less bandwidth used, doing "less"
> damage than a pure network overload attack.

My point was that I can grind a big ass server running on a leased line to
a halt using my (hypothetical) 56K modem by sending out a bunch of tiny
files and random sigs for the big box to try to verify. A DDOS isn't really
needed, except to get around IP filtering (and there are other ways to do
that). I really don't know why I brought up a DDOS, actually. Just
rambling, I guess.

I wasn't considering bandwidth costs in my previous statement. I don't
think it's that important, which others can feel free to disagree with. The
actual denial of service, i.e. real users can't use the service and if
they're paying for it they could get quite upset, seems more important to
me.

-Jack


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com


