Mike Frantzen wrote,
> The problem with a hashed state table is that hash tables are very
> easy to attack. The use of collision chains (linked lists) would let
> an attack totally blow out the D$ and TLB. I've made a sun U10
> 440mhz w/ 2MB L2 grind to a halt w/ 5 packets a second after a long
> series of collisions.

Interesting ... the idea being that with knowledge of the hash function an attacker could manufacture enough collisions to push the hash table to the O(n) worst case?

Couldn't that attack be frustrated by a more sophisticated hash function parameterized with a local secret (i.e. the attacker would need to know the secret as well as the function before they could reliably generate collisions)? Or would that make the hash function too computationally expensive?

Cheers,
Miles

_______________________________________________
firewall-wizards mailing list
firewall-wizardsat_private
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
This archive was generated by hypermail 2b30 : Fri Oct 18 2002 - 08:26:59 PDT
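The mitigation raised in the message above, as an added example that is not part of the original post: the same constructed set of flows is placed into a chained table once with an unkeyed hash and once with a hash parameterized by a local secret. The XOR-fold hash, the table size, the flow values and all function names are assumptions made for illustration, and BLAKE2b in keyed mode is a stand-in for whatever keyed function an implementation would choose.

```python
import hashlib
import os
import struct

BUCKETS = 1024  # assumed state-table size

def weak_hash(flow):
    """Unkeyed toy hash (hypothetical): XOR-fold of the 5-tuple."""
    src, dst, sport, dport, proto = flow
    return (src ^ dst ^ ((sport << 16) | dport) ^ proto) % BUCKETS

def keyed_hash(flow, secret):
    """Same tuple, hashed with a local secret (BLAKE2b keyed mode as stand-in)."""
    data = struct.pack("!IIHHB", *flow)
    digest = hashlib.blake2b(data, key=secret, digest_size=8).digest()
    return int.from_bytes(digest, "big") % BUCKETS

def longest_chain(flows, bucket_of):
    """Length of the longest collision chain after inserting every flow."""
    chains = {}
    for flow in flows:
        bucket = bucket_of(flow)
        chains[bucket] = chains.get(bucket, 0) + 1
    return max(chains.values())

def colliding_flows(n):
    """Constructed sample: n distinct flows whose src ^ dst is constant,
    so weak_hash sends all of them to one bucket."""
    flows = []
    for i in range(n):
        src = 0x0A000000 + i
        flows.append((src, src ^ 0xC0A80001, 40000, 80, 6))
    return flows

if __name__ == "__main__":
    flows = colliding_flows(2000)
    secret = os.urandom(16)  # generated locally, never leaves the host
    print("unkeyed longest chain:", longest_chain(flows, weak_hash))
    print("keyed longest chain:  ",
          longest_chain(flows, lambda f: keyed_hash(f, secret)))
```

The example compares chain lengths only; it does not measure the per-packet cost of the keyed function, which is the other question the message asks.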