On Fri, Jun 23, 2006 at 11:49:33AM -0700, Barry Greene (bgreene) wrote:
>
> Yes Jared - our software does the TTL after the MD5, but the hardware
> implementations do the check in hardware before the packet gets punted
> to the receive path. That is exactly where you need to do the
> classification to minimize DOS on a router - as close to the point where
> the optical-electrical-airwaves convert to an IP packet as possible.

i'm not that bright, so maybe i'm missing something, but i've heard
this claim from cisco people before and never understood it.
just to clarify: you're saying that doing the (expensive) md5 check
before the (almost free) ttl check makes sense because that
*minimizes* the DOS vectors against a router? can someone walk me
through the logic here using small words? i am obviously not able to
follow this due to my distance from the
"optical-electrical-airwaves".
t.
--
_____________________________________________________________________
todd underwood +1 603 643 9300 x101
renesys corporation chief of operations & security
[EMAIL PROTECTED]
http://www.renesys.com/blog/todd.shtml
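The ordering question Todd asks about, modelled as an added example (not code from the thread or from any vendor): a toy BGP receive path that counts how many TCP MD5 digests get computed under a constructed spoofed flood when the cheap GTSM TTL check (directly connected peer must arrive with TTL 255) runs before, versus after, the expensive MD5 check. The key, the traffic and the simplified digest (a stand-in for the real RFC 2385 computation) are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed shared secret for the toy TCP MD5 option; not a real key.
KEY = b"constructed-shared-secret"


def ttl_ok(ttl: int) -> bool:
    """Cheap check (GTSM): a directly connected peer's packets arrive with TTL 255."""
    return ttl == 255


def tcp_md5_ok(segment: bytes, digest: bytes) -> bool:
    """Expensive check: recompute the digest over the segment plus key.
    Simplified stand-in for the RFC 2385 computation (no pseudo-header)."""
    expected = hashlib.md5(segment + KEY).digest()
    return hmac.compare_digest(expected, digest)


def run_pipeline(packets, ttl_first: bool):
    """Return (accepted, md5_computations) for the given check ordering.

    ttl_first=True models the hardware path Barry describes: packets with a
    wrong TTL are dropped before the receive path ever hashes them.
    """
    accepted = 0
    md5_runs = 0
    for ttl, segment, digest in packets:
        if ttl_first:
            if not ttl_ok(ttl):
                continue  # dropped early, no digest computed
            md5_runs += 1
            if tcp_md5_ok(segment, digest):
                accepted += 1
        else:
            md5_runs += 1  # every packet costs a hash before the TTL is looked at
            if tcp_md5_ok(segment, digest) and ttl_ok(ttl):
                accepted += 1
    return accepted, md5_runs


def build_sample():
    """Constructed traffic: 2 legitimate peer packets plus 1000 spoofed ones.
    Spoofed packets originate several hops away, so their TTL is below 255,
    and they carry a bogus digest since the sender lacks the key."""
    legit_seg = b"BGP KEEPALIVE"
    legit = [(255, legit_seg, hashlib.md5(legit_seg + KEY).digest())] * 2
    flood = [(250, b"junk%d" % i, b"\x00" * 16) for i in range(1000)]
    return legit + flood
```

Both orderings accept the same two legitimate packets; only the TTL-first path keeps the flood from consuming 1002 digest computations on the router's receive path.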