On Tuesday 20 February 2007 16:49, Michael K. Edwards wrote:
> On 2/20/07, Evgeniy Polyakov <[EMAIL PROTECTED]> wrote:
> > Jenkins _does_ have them, I showed tests half a year ago and in this
> > thread too. Actually _any_ hash has them it is just a matter of time
> > to find one.
>
> I think you misunderstood me. If you are trying to DoS me from
> outside with a hash collision attack, you are trying to feed me
> packets that fall into the same hash bucket. The Jenkins hash does
> not have to be artifact-free, and does not have to be
> cryptographically strong. It just has to do a passable job of mixing
> a random salt into the tuple, so you don't know which string of
> packets to feed me in order to fill one (or a few) of my buckets.
> XORing salt into a folded tuple doesn't help; it just permutes the
> buckets.
Yes. I must say I had an attack like that some years ago on one particular server: some tcp ehash chains had a length > 1000.

I had to plug the jenkins hash in to stop the attack (thanks to David :), and thanks to oprofile for letting me understand what was happening).

The attacker was controlling several thousand zombies and was able to choose its src port (knowing its src ip addr) to target *one* particular hash bucket on my web server. Each zombie was opening one tcp socket only, so a firewall could not detect them; they had an absolutely normal behavior.

XOR, combined with the 16 bits range of src port, permits a lot of easy guessing for the attacker (since it knows the ehash_size of the target is a power of two...)
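As an added illustration of the point both posters make (the salt has to be mixed into the tuple; XORing it onto a folded value only relabels buckets), the following Python, which is not from this thread or from the kernel, compares a salted XOR-fold against a Jenkins one-at-a-time hash keyed by the salt over constructed flow tuples. The bucket count, the server address and the one-at-a-time variant are assumptions, not the kernel's jhash or its ehash sizing.

```python
import random
from itertools import combinations

BUCKETS = 256  # assumed small table; ehash_size is a power of two, as the post notes

def xor_fold(saddr, sport, daddr, dport, salt):
    """XOR-fold the 4-tuple and XOR in a salt afterwards. The salt only
    relabels buckets: tuples that fold to the same value collide under
    every salt, so the attacker's colliding set keeps working."""
    h = saddr ^ daddr ^ ((sport << 16) | dport)
    h ^= h >> 16
    return (h ^ salt) & (BUCKETS - 1)

def jenkins_oaat(saddr, sport, daddr, dport, salt):
    """Jenkins one-at-a-time hash with the salt mixed in as a key prefix.
    A stand-in for the kernel's jhash, not the kernel code itself."""
    data = (salt.to_bytes(4, "big") + saddr.to_bytes(4, "big")
            + daddr.to_bytes(4, "big") + sport.to_bytes(2, "big")
            + dport.to_bytes(2, "big"))
    h = 0
    for b in data:
        h = (h + b) & 0xFFFFFFFF
        h = (h + (h << 10)) & 0xFFFFFFFF
        h ^= h >> 6
    h = (h + (h << 3)) & 0xFFFFFFFF
    h ^= h >> 11
    h = (h + (h << 15)) & 0xFFFFFFFF
    return h & (BUCKETS - 1)

def make_tuples(n, seed):
    """Constructed sample: n flows to one web server (fixed daddr/dport)
    from random source addresses and ports, one socket per source."""
    rng = random.Random(seed)
    daddr, dport = 0xC0A80001, 80  # placeholder server address, port 80
    return [(rng.getrandbits(32), rng.randint(1024, 65535), daddr, dport)
            for _ in range(n)]

def persistent_collisions(hash_fn, tuples, salt_a, salt_b):
    """Return (pairs sharing a bucket under salt_a, how many of those still
    share a bucket under salt_b). A salt that merely permutes buckets keeps
    every collision; a salt that is mixed in breaks almost all of them."""
    ba = [hash_fn(*t, salt_a) for t in tuples]
    bb = [hash_fn(*t, salt_b) for t in tuples]
    colliding = [(i, j) for i, j in combinations(range(len(tuples)), 2)
                 if ba[i] == ba[j]]
    survived = sum(1 for i, j in colliding if bb[i] == bb[j])
    return len(colliding), survived

if __name__ == "__main__":
    flows = make_tuples(400, seed=7)
    for fn in (xor_fold, jenkins_oaat):
        print(fn.__name__, persistent_collisions(fn, flows, 0x1234ABCD, 0x9E3779B9))
```

With the XOR fold every colliding pair survives a salt change, which is why a defender re-keying the table gains nothing; with the mixed-in salt only about 1/BUCKETS of them do.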