Re: client puzzle protocol

From: daN. (danat_private)
Date: Wed Feb 23 2000 - 14:28:50 PST


    >The client-puzzle protocol does not seem such a great idea to me. A
    >_distributed_ DOS attack will have lots of CPU power to do the
    >puzzles.
    >
    >Ge'
    Some mathematical problems do not lean well towards parallel solving. It is
    true, however, that you could get dozens of machines each opening and solving
    their own puzzles. I mean, the puzzles couldn't be THAT hard to solve,
    because modern web browsers open up to 30 connections when connecting to a
    page and you would not want to hinder that. The reason that this is still
    a better solution than none, though, isn't in the puzzle technique, but rather
    the same reason SYN cookies are good: it forces the attacking
    machine to use a legitimate return address if it wants a connection's state
    to be established. This makes it WAY easier to track attacks to the source
    without involving law enforcement agencies/dozens of ISPs.
    It's all really a waste, though; it will be nice to see IPv6 and IPsec
    implemented. There may be some issues, but all in all it's much better than
    the current state. I just sometimes question it ever being implemented, due to
    hardware costs.
    
    mutated / aka daN.
    ph33r my l@me newBi3 sKillz
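
The return-address point in the message above, sketched as an added example that is not part of the original post: the server keeps no state until a solved puzzle comes back, and the challenge is bound to the claimed source address, so a sender that cannot receive traffic at that address never sees the puzzle it would have to solve. The SHA-256 partial-preimage puzzle, the HMAC binding, every name, the difficulty and the addresses are assumptions constructed for illustration.

```python
import hashlib, hmac, os, struct, time

SERVER_KEY = os.urandom(32)   # server secret (constructed for this example)
DIFFICULTY_BITS = 12          # assumed work factor: about 4096 hashes on average
MAX_AGE = 30                  # assumed challenge lifetime in seconds

def _tag(client_ip, ts):
    # MAC over the claimed source address and the issue time
    msg = client_ip.encode() + struct.pack(">Q", ts)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()

def make_challenge(client_ip, now=None):
    """Server: issue a puzzle and store nothing. The reply carrying
    (ts, tag) is sent to client_ip, so a spoofed sender never receives it."""
    ts = int(time.time() if now is None else now)
    return ts, _tag(client_ip, ts)

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(tag, bits=DIFFICULTY_BITS):
    """Client: find a nonce so SHA-256(tag || nonce) starts with `bits` zero bits."""
    nonce = 0
    while True:
        digest = hashlib.sha256(tag + struct.pack(">Q", nonce)).digest()
        if leading_zero_bits(digest) >= bits:
            return nonce
        nonce += 1

def verify(client_ip, ts, tag, nonce, now=None, bits=DIFFICULTY_BITS):
    """Server: recompute the tag from the packet's source address and only
    allocate connection state if the tag, the age and the work all check out."""
    now = int(time.time() if now is None else now)
    if not 0 <= now - ts <= MAX_AGE:
        return False                      # stale or future-dated challenge
    if not hmac.compare_digest(tag, _tag(client_ip, ts)):
        return False                      # challenge was issued to another address
    digest = hashlib.sha256(tag + struct.pack(">Q", nonce)).digest()
    return leading_zero_bits(digest) >= bits

if __name__ == "__main__":
    ts, tag = make_challenge("192.0.2.10")           # constructed address
    nonce = solve(tag)
    print("honest client accepted:", verify("192.0.2.10", ts, tag, nonce))
    print("replayed from other address:", verify("198.51.100.7", ts, tag, nonce))
```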
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:07:57 PDT