Re: [PATCH] First part of TCP-MD5 inbound verification
From: Barney Wolff (barney_at_databus.com)
Date: 04/22/04
Date: Thu, 22 Apr 2004 12:11:45 -0400
To: freebsd-net@FreeBSD.org
Just a note that, as discussion on nanog shows, it's very important to
only do the md5 check if the incoming packet is going to be accepted
and processed, rather than the intuitive order of checking the sig
first. That's because checking first allows an easy DoS, since checking
is cpu-intensive.
Barney
--
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
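
The ordering point in the message above, as an added example that is not part of the original message or of the FreeBSD patch: a constructed single-connection model that counts how many digest computations a burst of non-matching segments costs under each ordering. The structs, the `acceptable` tests (address/port match and sequence window) and the stand-in digest (which is not MD5) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed, simplified model: one connection, header fields only. */
struct conn { uint32_t peer; uint16_t pport, lport; uint32_t rcv_nxt, rcv_wnd; uint64_t key; };
struct seg  { uint32_t src; uint16_t sport, dport; uint32_t seq; uint64_t sig; };
typedef int (*accept_fn)(const struct conn *, const struct seg *);
static const struct conn demo = { 0x0a000001, 40000, 179, 1000, 16384, 0x5eedULL };
static unsigned long digest_calls;      /* times the expensive step ran */

/* Stand-in for the keyed MD5 digest (NOT MD5), so the costly step can be counted. */
static uint64_t sig_compute(const struct seg *s, uint64_t key)
{
    uint32_t f[3] = { s->src, ((uint32_t)s->sport << 16) | s->dport, s->seq };
    uint64_t h = 1469598103934665603ULL ^ key;
    digest_calls++;
    for (int i = 0; i < 3; i++) { h ^= f[i]; h *= 1099511628211ULL; }
    return h;
}

/* Cheap tests (assumed here): segment matches the connection and its window. */
static int acceptable(const struct conn *c, const struct seg *s)
{
    return s->src == c->peer && s->sport == c->pport && s->dport == c->lport &&
           (uint32_t)(s->seq - c->rcv_nxt) < c->rcv_wnd;
}

/* "Intuitive" order: every arriving segment costs one digest. */
int accept_sig_first(const struct conn *c, const struct seg *s)
{ return sig_compute(s, c->key) == s->sig && acceptable(c, s); }
/* Order from the message: digest only for otherwise-acceptable segments. */
int accept_cheap_first(const struct conn *c, const struct seg *s)
{ return acceptable(c, s) && sig_compute(s, c->key) == s->sig; }

/* Digests spent on n constructed junk segments (wrong source port, junk sig). */
unsigned long flood_cost(accept_fn accept, unsigned n)
{
    digest_calls = 0;
    for (unsigned i = 0; i < n; i++) {
        struct seg s = { demo.peer, (uint16_t)(1024 + i % 1000), 179, i * 2654435761u, i };
        accept(&demo, &s);
    }
    return digest_calls;
}

int main(void)
{
    printf("signature first:    %lu digests\n", flood_cost(accept_sig_first, 10000));
    printf("cheap checks first: %lu digests\n", flood_cost(accept_cheap_first, 10000));
    return 0;
}
```

A segment that does pass the cheap tests still goes through the digest check in both orderings, so the reordering changes cost, not what is accepted.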