Re: TCP/BGP vulnerability - easier than you think
On Wed, 21 Apr 2004 21:00:55 +0100 (IST) Paul Jakma <paul@clubi.ie> wrote:
risk of crypto DoS than compared to the simple BGP TCP MD5 hack. The risk is due to MD5, not IPSec :).
I would say the risk is due to implementation. If the vendor's gear vomits quicker due to a resource consumption issue in handling MD5, is this really a problem with MD5? These issues can usually be fixed by simply improving the scaling properties of the implementation that may be required during adverse conditions. John
JK> Date: Wed, 21 Apr 2004 20:51:23 -0500 JK> From: John Kristoff JK> I would say the risk is due to implementation. If the JK> vendor's gear vomits quicker due to a resource consumption JK> issue in handling MD5, is this really a problem with MD5? Theoretically MD5 and IPSec sound great. Operationally they may not be the best answer. JK> These issues can usually be fixed by simply improving the JK> scaling properties of the implementation that may be required JK> during adverse conditions. Crypto chips' prices are declining... Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses : blacklist@brics.com -or- alfra@intc.net -or- curbjmp@intc.net Sending mail to spambait addresses is a great way to get blocked.
participants (2)
-
E.B. Dreger
-
John Kristoff