Hamiltonian path as protection against DOS.
michaelslists at gmail.com
Wed Aug 16 00:28:59 EDT 2006
Could this sort of system be something that is implemented way before
a HTTP connection even starts?
Say, implemented by OS vendors or API vendors of sockets. That is to
say, when you open a socket connection for the first time, for certain
protocols, you need to pay this fee. The socket lib would be adjusted
to do it, and then you are good to go.
It would mean that other services get the benefit of protection. But
is there legimate need to connect to many, or one, host many thousands
of times? I'd guess there is.
Take the discussed handshakes. Could something be incorporated there?
Maybe there could be a new low level protocol, kind of like SSL, but
less cost involved ... then you could tell your server to operate in
that mode only...
On 8/16/06, Bill Stewart <bill.stewart at pobox.com> wrote:
> Crypto is usually about economics and scalability.
> If you're doing this for DOS/DDOS prevention,
> you don't need the NP-completeness perfection you get from
> Hamiltonian paths or similar problems - SHA is fine,
> or any other hash that's quick to verify and
> hard to reverse. Even MD5 is probably still ok...
> Calculating any of the hashes probably takes less time than
> handling the packets does.
> It's almost certainly better for you if they harass you by
> sending you bogus SHA pieces that you can process quickly
> than bogus DH pieces that take you a while,
> and if it's not too distributed an attack,
> you can also blacklist senders IP addresses.
> At present I'm skeptical about the need for
> that kind of protection - a simple UDP or TCP handshake
> and maybe a Photuris cookie are enough to
> take care of most forgery attacks
> and let you blacklist hostile senders.
> But malware writers are tenacious bastards,
> and perhaps there are or will be applications where
> this sort of protection could be useful -
> merely insisting that attackers use _your_ protocol
> is probably enough to cut down on 99.99% of attacks
> unless you get the protocol widely adopted.
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography