Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure
Patrick W.Gilmore
patrick at ianai.net
Thu May 13 18:05:47 UTC 2004
On May 13, 2004, at 1:48 PM, Steven M. Bellovin wrote:
> In message <Pine.NEB.4.58.0405122134560.9034 at server.duh.org>, Todd
> Vierling writes:
>>
>> On Tue, 11 May 2004, David Krause wrote:
>>
>> : http://www.ietf.org/ietf/IPR/cisco-ipr-draft-ietf-tcpm-tcpsecure.txt
>>
>> The same document that fully ignores that port number randomness will
>> severely limit the risk of susceptibility to such an attack?
>
> How many zombies would it take to search the port number space
> exhaustively?
Irrelevant.
The limiting factor here is how many packets can make it to the CPU.
Using 10K pps as a nice round (and high) figure, a single machine can
do that.
Also, many of the calculations I've seen assume much higher pps when
calculating time to reset a session. Has anyone done a test to see
what a Juniper M5/10/whatever and a GSR can actually take without
dropping packets due to rate limiting and/or falling over from being
packeted?
--
TTFN,
patrick
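A rough risk model for the blind reset scenario argued about above, added here as an illustration and not part of the original post. It assumes a spoofed RST is accepted when its sequence number lands in the receive window, so the search space is (sequence space / window) times the number of candidate source ports, and it caps the usable packet rate at whatever the target's control plane can absorb, which is the limiting factor Patrick describes.

```python
# Added example: blind TCP RST exposure estimate (assumptions, not data from the thread).
# Model: sequence space 2**32, one spoofed segment per guess, a guess succeeds when it
# falls inside the receiver's window; the target accepts at most `target_cap_pps`
# packets per second, so extra zombies add nothing once that cap is reached.

SEQ_SPACE = 2 ** 32
EPHEMERAL_PORTS = 65536 - 1024  # constructed: size of a randomised source-port range


def guesses_to_cover(window: int, port_candidates: int) -> int:
    """Packets needed to cover every (source port, window slot) pair once."""
    seq_slots = -(-SEQ_SPACE // window)  # ceiling division
    return seq_slots * port_candidates


def effective_pps(zombies: int, per_host_pps: int, target_cap_pps: int) -> int:
    """Usable packet rate: bounded by what the target's CPU can take, not by zombie count."""
    return min(zombies * per_host_pps, target_cap_pps)


def seconds_to_cover(window: int, port_candidates: int, pps: int) -> float:
    """Worst-case time to exhaust the search space at a given packet rate."""
    return guesses_to_cover(window, port_candidates) / pps


def compare_port_policies(window: int, pps: int) -> dict:
    """Exposure with a known/guessable source port vs. a randomised one."""
    return {
        "known_port_s": seconds_to_cover(window, 1, pps),
        "random_port_s": seconds_to_cover(window, EPHEMERAL_PORTS, pps),
    }


if __name__ == "__main__":
    # Constructed sample: 16 KiB window, 10K pps ceiling (the thread's round figure),
    # 100 zombies at 10K pps each still only deliver 10K pps to the CPU.
    rate = effective_pps(zombies=100, per_host_pps=10_000, target_cap_pps=10_000)
    for name, secs in compare_port_policies(16384, rate).items():
        print(f"{name}: {secs:.0f} s ({secs / 86400:.1f} days)")
```

The known-port case finishes in under a minute at 10K pps, while a randomised source port pushes the same search past two weeks, which is the mitigation effect the quoted message refers to.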