On Tue, Feb 20, 2007 at 06:20:26PM +0100, Eric Dumazet ([EMAIL PROTECTED])
wrote:
> > Hmm, I've just run the following test:
> > 1. created 2^20 hash table.
> > 2. ran in loop (100*(2^20) iterations) following hashes:
> > a. xor hash (const_ip, const_ip, random_word)
>
> So what? To attack me you want to send 100*2^20 packets every minute?
:) No, I will specially craft 1000 packets which will hit the same
chain.
> That's nonsense... If you really can send so many packets, my pipe is full
> whatever I do of received packets. No Algo will protect me, even designed by
> Einstein.
Did you ever read what I wrote?
It is a test, which shows that
1. jenkins has problems
2. it is two times slower than xor
How to exploit the problem in the real world is out of that research, but it is
enough to say that it is broken.
> If you look again at route cache, you will see chain lengths are limited by
> elasticity factor, that is usually 8... No need to try to reach 100 entries
> in a chain.
>
> Yes, I can destroy Russia sending 2^10 nuclear weapons on major cities. You
> really should build a bunker right now :)
France only has 100 delivery vehicles (about 50 submarines and 50
Mirages) - so no, I will not :)
> Now try to build an attack with 100 packets per second... and I will try to
> be smart too.
Depending on the end result... Wanna buy me (or suggest) a couple of bottles of
good, not expensive French wine? :)
Here is a dump of possible addr/port pairs which end up badly
distributed:
8e363a50:27652 -> c0a80001:20480
8e363a50:35529 -> c0a80001:20480
8e363a50:40919 -> c0a80001:20480
8e363a50:46720 -> c0a80001:20480
they produce the same hash value in the test described above.
--
Evgeniy Polyakov