Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure

Patrick W. Gilmore patrick at
Thu May 13 18:05:47 UTC 2004

On May 13, 2004, at 1:48 PM, Steven M. Bellovin wrote:

> In message <Pine.NEB.4.58.0405122134560.9034 at>, Todd Vierling writes:
>> On Tue, 11 May 2004, David Krause wrote:
>> :
>> The same document that fully ignores that port number randomness will
>> severely limit the risk of susceptibility to such an attack?
> How many zombies would it take to search the port number space
> exhaustively?


The limiting factor here is how many packets can make it to the CPU.  
Using 10K pps as a nice round (and high) figure, a single machine can 
do that.

Also, many of the calculations I've seen assume much higher pps when 
calculating time to reset a session.  Has anyone done a test to see 
what a Juniper M5/10/whatever and a GSR can actually take without 
dropping packets due to rate limiting and/or falling over from being 


More information about the NANOG mailing list