On Sat, Nov 29, 2008 at 2:08 PM, Templin, Fred L
<[EMAIL PROTECTED]> wrote:
>>|> That implies that the
>>|> ETR does a mapping lookup on the receipt of a packet, buffers
>>|> the packet until the lookup succeeds, and then does the
>>|> compare.
>>|
>>|Oh you mean like the IPv6 neighbor discovery process!?
>>
>>
>>Two wrongs don't make a right.
>
> Why buffer the packet until the lookup succeeds? Why not
> just accept the first few packets while a lookup is done

A synflood is a bunch of 1-packet flows :( you lose, I win! yippee! :(
Seriously though, if you send through 'some' of the bad packets all
the attacker has to know is how many 'some' is... in the worst case
the answer is 'one'.

Buffering is bad, really, really bad.

-chris
_______________________________________________
rrg mailing list
[email protected]
https://www.irtf.org/mailman/listinfo/rrg