North American Network Operators Group


Re: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure

  • From: Patrick W.Gilmore
  • Date: Thu May 13 14:08:23 2004

On May 13, 2004, at 1:48 PM, Steven M. Bellovin wrote:

In message <[email protected]>, Todd Vierling writes:
On Tue, 11 May 2004, David Krause wrote:

: http://www.ietf.org/ietf/IPR/cisco-ipr-draft-ietf-tcpm-tcpsecure.txt

The same document that fully ignores that port number randomness will
severely limit the risk of susceptibility to such an attack?
How many zombies would it take to search the port number space
exhaustively?
Irrelevant.

The limiting factor here is how many packets can make it to the CPU. Using 10K pps as a nice round (and high) figure, a single machine can do that.

Also, many of the calculations I've seen assume much higher pps when calculating time to reset a session. Has anyone done a test to see what a Juniper M5/10/whatever and a GSR can actually take without dropping packets due to rate limiting and/or falling over from being packeted?

--
TTFN,
patrick
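The thread argues over whether source-port randomness still matters once the packet rate that reaches the router CPU is the limiting factor. The following is an added effort model for comparing those scenarios at a fixed pps budget; it is not part of the original post. Assumed inputs: a 65535-byte receive window, the 10K pps figure from the post, and an "exact match" mode that models a stack accepting a RST only when its sequence number matches exactly (the style of mitigation the tcpsecure draft describes), rather than anywhere in the window.

```python
"""Effort model for blind TCP RST attempts, as argued in the thread.

Added example, not from the original post. The attacker's packet budget is
taken as whatever rate reaches the victim CPU (10K pps per the post);
window size and port-space figures are assumed inputs, labelled below.
"""

SEQ_SPACE = 2 ** 32      # TCP sequence-number space
PORT_SPACE = 2 ** 16     # client source-port space to search when randomized


def packets_to_reset(window, ports_to_try=1, exact_match=False):
    """Worst-case RST packets needed to land on an acceptable sequence number.

    window:        receive window in bytes (assumed); classic stacks accept a
                   RST whose sequence number falls anywhere in the window
    ports_to_try:  1 when the client port is known or predictable,
                   PORT_SPACE when it is randomized and must be searched
    exact_match:   True models a stack that accepts a RST only on an exact
                   sequence match (tcpsecure-style mitigation)
    """
    if window <= 0:
        raise ValueError("window must be positive")
    guesses_per_port = SEQ_SPACE if exact_match else -(-SEQ_SPACE // window)
    return guesses_per_port * ports_to_try


def seconds_at_rate(packets, pps):
    """Time to deliver `packets` at `pps`, the CPU-bound rate from the post."""
    if pps <= 0:
        raise ValueError("pps must be positive")
    return packets / pps


def scenario_table(window=65535, pps=10_000):
    """Seconds per scenario at one pps budget; keys describe the victim stack."""
    rows = {
        "known port, window check": (1, False),
        "random port, window check": (PORT_SPACE, False),
        "known port, exact match": (1, True),
    }
    return {name: seconds_at_rate(packets_to_reset(window, n, ex), pps)
            for name, (n, ex) in rows.items()}


if __name__ == "__main__":
    for name, secs in scenario_table().items():
        print(f"{name:28s} {secs:14.1f} s  ({secs / 86400:.2f} days)")
```

With these assumed inputs, both randomizing the port and requiring an exact sequence match push the effort from seconds to days at the same 10K pps budget, which is the quantity the rate-limiting question in the post bears on.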