--MimeMultipartBoundary
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Thu, 21 Aug 1997, Oskar Pearson wrote:
>hmm. This opens up a potential denial-of-service attack.... you could
>completely trash a cache-machine's CPU by making a few thousand queries
>a second. Of course, a few thousand a second would probably kill any
>box right now anyway.
Doing an HSA or MD5 transform per connection is something at least a few
versions of the SYN flood code did... it's not too CPU-expensive to be an
easy DoS, it's used in anti-DoS code. Of course, a sufficiently fast TCP
flood will kill any service, at which point finding out who did it is the
best (only?) defense.
David.
--MimeMultipartBoundary--
Received on Tue Jul 29 2003 - 13:15:42 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:11:24 MST