-- alan wrote:
> But if the packets are forged, wouldn't that turn it
> into a different kind of DOS?
>
> If I can get you to blacklist Alice by sending n
> forged attack packages, then my DOS succeeded, if my
> goal is to deny a connection between you and Alice.

The goal is usually to shut down a money making service, in order to extort protection payments from them. Shutting off a few clients is not a goal.

The Photuris protocol that Bill Stewart mentioned does an initial exchange wherein the server sends some random bytes to the client, and the client must respond with those random bytes before the server does any work at all. This means that the adversary cannot easily and cost effectively impersonate Alice's IP, for large numbers of Alices, unless they have upstream control of the server's pipe - which would require them to be physically rather close to the server, and if they are physically rather close then the owner of the server can find them and go after them with an axe handle, reducing the problem to the previously solved problem of protecting property rights in physical space.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     Vd1vET3dgr85QVK7NkeKqXbuKv71rJtvAtE/6g9O
     4rd/c+MMCzQCtCpvt4KYLGwIMyBJauOzgF9YYvZIU

---------------------------------------------------------------------
The Cryptography Mailing List
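
An added sketch of the echo-before-work exchange described in the message above; it is not code from the post or from Photuris itself. It assumes a stateless cookie derived with HMAC from the claimed source address and a time window (`CookieResponder`, `simulate` and the addresses are hypothetical, constructed for illustration), and shows that a sender forging Alice's address never receives her cookie and so causes no server work.

```python
import hashlib
import hmac
import os
import time


class CookieResponder:
    """Hypothetical server: does no expensive work until its cookie is echoed."""

    def __init__(self, lifetime=30):
        self._secret = os.urandom(32)   # known only to the server
        self._lifetime = lifetime       # seconds a cookie stays valid (assumed)
        self.expensive_ops = 0          # counts work done for validated peers

    def _cookie(self, addr, epoch):
        # Assumption: cookie = HMAC(secret, claimed ip | port | time window),
        # so the server stores nothing per client until the echo arrives.
        msg = f"{addr[0]}|{addr[1]}|{epoch}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).digest()[:16]

    def _epoch(self, now):
        return int((time.time() if now is None else now) // self._lifetime)

    def hello(self, claimed_addr, now=None):
        """Cheap first reply; the network delivers it to claimed_addr."""
        return self._cookie(claimed_addr, self._epoch(now))

    def request(self, claimed_addr, cookie, now=None):
        """Do the costly step only if the cookie matches the claimed address."""
        e = self._epoch(now)
        if not any(hmac.compare_digest(cookie, self._cookie(claimed_addr, w))
                   for w in (e, e - 1)):
            return False                # dropped before any real work
        self.expensive_ops += 1         # stand-in for key exchange etc.
        return True


def simulate():
    """Constructed scenario using documentation-range addresses."""
    server = CookieResponder()
    alice, other = ("192.0.2.10", 40000), ("198.51.100.7", 40000)
    honest = server.request(alice, server.hello(alice))   # Alice echoes her cookie
    # A sender forging Alice's address never sees her cookie and must guess.
    guessed = server.request(alice, os.urandom(16))
    # A cookie issued to another address is useless under Alice's address.
    borrowed = server.request(alice, server.hello(other))
    return honest, guessed, borrowed, server.expensive_ops
```

A party able to read the server's outbound traffic would see the cookie sent to Alice, which is the "upstream control of the server's pipe" exception the message notes.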