Florian Weimer wrote:
This program uses a hash table to store the active flows. It is
vulnerable to a DoS attack, as described in "Denial of Service via
Algorithmic Complexity Attacks" by Scott A Crosby and Dan S Wallach:
<http://www.cs.rice.edu/~scrosby/hash/>
It is possible to switch to a HMAC-style hash function that offers
some resistance against second preimage attacks, but I'd recommend to
switch to some balanced tree variant.
I have forwarded this to upstream, and will wait until a fix is made.
Thanks..
Radu
