Firewall Wizards mailing list archives
Re: CERT vulnerability note VU# 539363 (fwd)
From: Darren Reed <darrenr () reed wattle id au>
Date: Tue, 22 Oct 2002 16:15:26 +1000 (EST)
Mike's "reference" here is the hash table IPFilter uses (maybe others). FWIW, it gets distributed with a predefined size and most likely most people never change this. That said, nobody has ever come to me and said "here's a patch to fix it" or "my firewall is running like a dog because of this attack". Be that as it may, code has been in place for some time to address this issue, in future, using a secret.

In some email I received from Miles Sabin, sie wrote:
> Mike Frantzen wrote,
> > The problem with a hashed state table is that hash tables are very easy to attack. The use of collision chains (linked lists) would let an attack totally blow out the D$ and TLB. I've made a Sun U10 440MHz w/ 2MB L2 grind to a halt w/ 5 packets a second after a long series of collisions.
>
> Interesting ... the idea being that with knowledge of the hash function an attacker could manufacture enough collisions to push the hash table to the O(n) worst case? Couldn't that attack be frustrated by a more sophisticated hash function parameterized with a local secret (ie. the attacker would need to know the secret as well as the function before they could reliably generate collisions)?

Yup.

> Or would that make the hash function too computationally expensive?

I can't see how it would.

Darren
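The keyed-hash defence discussed in the message above, as an added example (not code from this thread or from IPFilter): a set of flows built to collide under a public XOR-fold hash lands in one chain, while the same flows spread out once the bucket depends on a local secret. The table size, the XOR-fold function, the MurmurHash3-finalizer mixer and the sample key are all assumptions made for illustration; a real filter would draw the key from the system RNG at boot and use a vetted keyed function such as SipHash.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBUCKETS 256u   /* power of two, fixed at build time (assumed size) */
#define NFLOWS   1024u  /* number of constructed sample flows */
struct flow { uint32_t src, dst; uint16_t sport, dport; };

/* Unkeyed XOR-fold: the bucket is fully predictable from the tuple. */
static unsigned weak_hash(const struct flow *f)
{
    return (f->src ^ f->dst ^ f->sport ^ f->dport) & (NBUCKETS - 1);
}

/* 64-bit finalizer from MurmurHash3, used here only as a stand-in mixer. */
static uint64_t mix64(uint64_t x)
{
    x ^= x >> 33; x *= 0xff51afd7ed558ccdULL;
    x ^= x >> 33; x *= 0xc4ceb9fe1a85ec53ULL;
    return x ^ (x >> 33);
}

/* Same tuple, but the bucket also depends on a local secret k[0], k[1]. */
static unsigned keyed_hash(const struct flow *f, const uint64_t k[2])
{
    uint64_t h = mix64((((uint64_t)f->src << 32) | f->dst) ^ k[0]);
    h = mix64(h ^ (((uint64_t)f->sport << 16) | f->dport) ^ k[1]);
    return (unsigned)h & (NBUCKETS - 1);
}

/* Insert constructed flows whose XOR-fold is constant; return longest chain. */
static unsigned longest_chain(int keyed, const uint64_t k[2])
{
    unsigned count[NBUCKETS], max = 0;
    memset(count, 0, sizeof count);
    for (uint32_t i = 0; i < NFLOWS; i++) {
        /* low 8 bits of src and sport are equal, so they cancel under XOR */
        struct flow f = { 0x0a000000u | i, 0xc0000201u,
                          (uint16_t)(0x4000u | (i & 0xffu)), 80 };
        unsigned b = keyed ? keyed_hash(&f, k) : weak_hash(&f);
        if (++count[b] > max) max = count[b];
    }
    return max;
}

int main(void)
{
    const uint64_t k[2] = { 0x0123456789abcdefULL, 0xfedcba9876543210ULL }; /* sample key */
    printf("unkeyed: %u  keyed: %u\n", longest_chain(0, k), longest_chain(1, k));
    return 0;
}
```

The extra cost per lookup is two multiply-and-shift rounds, which is small next to walking a chain of a thousand entries on every packet.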