From owner-freebsd-security Thu Dec 7 7:31:25 2000 From owner-freebsd-security@FreeBSD.ORG Thu Dec 7 07:31:23 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id 69EBE37B400 for ; Thu, 7 Dec 2000 07:31:09 -0800 (PST) Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 1442zs-0003mP-00; Thu, 07 Dec 2000 17:30:12 +0200 Date: Thu, 7 Dec 2000 17:30:12 +0200 (IST) From: Roman Shterenzon To: John Howie Cc: Subject: Re: Defeating SYN flood attacks In-Reply-To: <00a101c05bdf$4e6e9b00$fd01a8c0@pacbell.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 1 Dec 2000, John Howie wrote: > Given that you know the plaintext (the Client IP Address), the cipher text > (SISN - CISN) and the algorithm, you can work out the key used (eventually). > If the key is only changed at system startup, the longer the system is > running, the more likely it will be that the key is computed. We all talk > about how long our boxes are up and running for (compared to NT/2000) and we > usually talk in months, if not years. The key needs to be changed more > often - perhaps hourly (which still might not be enough). AFAIK, it's still very nontrivial task to deduce the key given the plaintext and the ciphertext, especially when talking about 16 rounds, thing that makes differential cryptanalysis difficult (Or I'm completely lost and need to reread the Applied Cryptography; if so, please remind me). Of course the key should be changed from time to time, perhaps once a day. --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message