Stealth Computing Abuses TCP Checksums

Dan Geer geer at world.std.com
Sat Sep 1 01:38:39 EDT 2001


.     "Below, we present an implementation of a parasitic computer
.     using the checksum function.  In order for this to occur,
.     one needs to design a special message that coerces a target server
.     into performing the desired computation."

This is the same principle that underlies denial of service
attacks -- the irreducible residual vulnerability of a system
to denial of service is proportional to the amount of work (or
time) that system must do (or consume) before it can conclude
its initial authorization decision.  Ironically, the more
precise and complex that authorization decision process, the
greater the amount of work that the active (initiating) side of
the connection can call on the passive side to perform.  This
critically bears on protocol and application security design.

--dan



