[rrg] Fundamental objections toahost-basedscalableroutingsolution
Christopher Morrow
morrowc.lists at gmail.com
Sat Nov 29 11:48:01 PST 2008
On Sat, Nov 29, 2008 at 2:08 PM, Templin, Fred L
<Fred.L.Templin at boeing.com> wrote:
>>|> That implies that the
>>|> ETR does a mapping lookup on the receipt of a packet, buffers
>>|> the packet until the lookup succeeds, and the does the
>>|> compare.
>>|
>>|Oh you mean like the IPv6 neighbor discovery process!?
>>
>>
>>Two wrongs don't make a right.
>
> Why buffer the packet until the lookup succeeds? Why not
> just accept the first few packets while a lookup is done
a synflood is a bunch of 1 packet flows :( you lose, I win! yippee! :(
Seriously though, if you send through 'some' of the bad packets all
the attacker has to know is how many 'some' is... in the worst case
the answer is 'one'.
Buffering is bad, really, really bad.
-chris
More information about the rrg
mailing list