21 Jun 2006, 2:32 p.m.
The added cost for CPU-bound systems is that they have to try (potentially) multiple keys before getting the **right** key, but in real life this can be easily mitigated by having a rating system on the key based on the frequency of success. This mitigates the effect of authenticating valid packets. However, this does not appear to help at all in terms of minimizing the DoS effect of an intentional DoS attack that uses authenticated packets (with the processing time required to check the keys being the intended damage of the attack).

gtsm

this doesn't help if the vendor can't implement it correctly and does the md5 calc before checking the ttl :(

hard to imagine anything that will help such a vendor

randy
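
The two points in this exchange, as an added sketch that is not code from the thread or from any vendor: candidate keys are tried in order of past success, and the GTSM TTL compare runs before any MD5 work. `Verifier`, `digest`, the sample keys and the packet contents are hypothetical, and `digest` is a simplified stand-in for the TCP MD5 option.

```python
import hashlib
import hmac

GTSM_MIN_TTL = 255  # a directly connected peer sends TTL 255

def digest(key, segment):
    # Simplified stand-in for the TCP MD5 option (the real one also covers
    # the pseudo-header and TCP header): MD5 over the segment, then the key.
    return hashlib.md5(segment + key).digest()

class Verifier:
    def __init__(self, keys, ttl_first=True):
        self.hits = {k: 0 for k in keys}  # success count per candidate key
        self.ttl_first = ttl_first
        self.md5_calls = 0                # hashing work a sender can force

    def _mac_ok(self, segment, mac):
        # Try candidate keys in order of past success, most successful first.
        for key in sorted(self.hits, key=self.hits.get, reverse=True):
            self.md5_calls += 1
            if hmac.compare_digest(digest(key, segment), mac):
                self.hits[key] += 1
                return True
        return False

    def accept(self, ttl, segment, mac):
        if self.ttl_first:
            # Cheap integer compare first; no hashing for off-link packets.
            return ttl >= GTSM_MIN_TTL and self._mac_ok(segment, mac)
        # The ordering complained about in the thread: MD5 before the TTL check.
        return self._mac_ok(segment, mac) and ttl >= GTSM_MIN_TTL

def demo():
    keys = [b"old-key", b"new-key", b"next-key"]  # constructed sample keys
    results = {}
    for ttl_first in (True, False):
        v = Verifier(keys, ttl_first)
        for i in range(5):    # valid segments from the adjacent peer
            seg = b"update-%d" % i
            assert v.accept(255, seg, digest(b"new-key", seg))
        valid_cost = v.md5_calls
        for i in range(100):  # constructed flood arriving with TTL 250
            assert not v.accept(250, b"junk-%d" % i, b"\x00" * 16)
        results[ttl_first] = (valid_cost, v.md5_calls - valid_cost)
    return results  # {ttl_first: (md5 calls for valid, md5 calls for flood)}

if __name__ == "__main__":
    print(demo())
```

The key rating keeps the cost of valid traffic low in both orderings, but only the TTL-first ordering keeps the flood from forcing one MD5 computation per candidate key per packet.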