Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure

Patrick W. Gilmore patrick at ianai.net
Thu May 13 18:05:47 UTC 2004


On May 13, 2004, at 1:48 PM, Steven M. Bellovin wrote:

> In message <Pine.NEB.4.58.0405122134560.9034 at server.duh.org>, Todd Vierling writes:
>>
>> On Tue, 11 May 2004, David Krause wrote:
>>
>> : http://www.ietf.org/ietf/IPR/cisco-ipr-draft-ietf-tcpm-tcpsecure.txt
>>
>> The same document that fully ignores that port number randomness will
>> severely limit the risk of susceptibility to such an attack?
>
> How many zombies would it take to search the port number space
> exhaustively?

Irrelevant.

The limiting factor here is how many packets can make it to the CPU.  
Using 10K pps as a nice round (and high) figure, a single machine can 
do that.

Also, many of the calculations I've seen assume much higher pps when 
calculating time to reset a session.  Has anyone done a test to see 
what a Juniper M5/10/whatever and a GSR can actually take without 
dropping packets due to rate limiting and/or falling over from being 
packeted?

-- 
TTFN,
patrick
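The thread argues about two numbers: how large the search space for a blind RST is (port randomness) and how fast packets can reach the router CPU (pps). The following is an added risk-model example, not part of the post or of the tcpsecure draft; it assumes the attacker already knows both addresses and the server port and must guess the client port and a 32-bit sequence number, that a RST is accepted anywhere inside the receive window (classic RFC 793 behaviour), and it uses the 10K pps figure from the post and a 64 KiB window as constructed sample values. The `candidate_ports` and `window` parameters are assumptions used to compare a predictable ephemeral port against a randomized range, and a tightened "exact sequence number only" RST check.

```python
"""Rough exposure model for blind TCP RST injection (added example).

Assumptions (constructed for illustration, not from the post):
  - attacker knows src/dst address and the server port
  - client (ephemeral) port is either predictable (1 candidate) or drawn
    from a randomized range (candidate_ports possibilities)
  - the receiver accepts a RST whose sequence number falls anywhere in
    a `window`-byte receive window; a window of 1 models a stack that
    only accepts an exact in-order sequence number
"""
import math

SEQ_SPACE = 2 ** 32  # size of the TCP sequence number space


def guesses_per_port(window: int) -> int:
    """Number of sequence-number guesses needed to cover the whole
    space once, when each guess is accepted anywhere in `window`."""
    if window < 1:
        raise ValueError("window must be >= 1")
    return math.ceil(SEQ_SPACE / window)


def worst_case_packets(window: int, candidate_ports: int) -> int:
    """Packets needed to try every (port, window slot) pair once."""
    if candidate_ports < 1:
        raise ValueError("candidate_ports must be >= 1")
    return candidate_ports * guesses_per_port(window)


def worst_case_seconds(window: int, candidate_ports: int, pps: float) -> float:
    """Time to exhaust the space at a given packets-per-second budget
    (the post's point: pps reaching the CPU is the limiting factor)."""
    if pps <= 0:
        raise ValueError("pps must be positive")
    return worst_case_packets(window, candidate_ports) / pps


def exposure_table(pps: float = 10_000, window: int = 65_536) -> dict:
    """Compare the scenarios the thread is arguing about. Keys are
    scenario names; values are (packets, seconds) worst-case figures."""
    scenarios = {
        # predictable ephemeral port, wide window
        "fixed_port_wide_window": (window, 1),
        # IANA-style randomized ephemeral range 49152..65535 (16384 ports)
        "random_port_wide_window": (window, 16_384),
        # fixed port but RST accepted only on exact sequence number
        "fixed_port_exact_seq": (1, 1),
    }
    return {
        name: (worst_case_packets(w, ports), worst_case_seconds(w, ports, pps))
        for name, (w, ports) in scenarios.items()
    }


if __name__ == "__main__":
    for name, (packets, seconds) in exposure_table().items():
        print(f"{name:28s} {packets:>14,d} packets  {seconds / 3600:10.2f} h")
```

With the sample values, a predictable port and a 64 KiB window fall in a few seconds at 10K pps, while either randomizing the ephemeral port or requiring an exact sequence match pushes the worst case to hours or years; the two mitigations compound, which is why the thread treats port randomness as a first-order factor in the risk.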



