|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: key change for TCP-MD5
>> The added cost for CPU-bound systems is that they have to try >> (potentially) multiple keys before getting the **right** key >> but in real life this can be easily mitigated by having a rating >> system on the key based on the frequency of success. > > This mitigates the effect of authenticating valid packets. However, > this does not appear to help at all in terms of minimizing the DOS > effect of an intentional DoS attack that uses authenticated packets > (with the processing time required to check the keys the intended > damage of the attack). gstm
|