1995-10-25 - Re: Does your software?

Header Data

From: Simon Spero <ses@tipper.oit.unc.edu>
To: Jon Mittelhauser <jonm@netscape.com>
Message Hash: 0a4e6eca855cf436288bafac652f6b38f72d7d88928ba8c9cb72e87b05b40576
Message ID: <Pine.SOL.3.91.951024210756.18616A-100000@chivalry>
Reply To: <308D0DA4.7ED@netscape.com>
UTC Datetime: 1995-10-25 04:40:12 UTC
Raw Date: Tue, 24 Oct 95 21:40:12 PDT

Raw message

From: Simon Spero <ses@tipper.oit.unc.edu>
Date: Tue, 24 Oct 95 21:40:12 PDT
To: Jon Mittelhauser <jonm@netscape.com>
Subject: Re: Does your software?
In-Reply-To: <308D0DA4.7ED@netscape.com>
Message-ID: <Pine.SOL.3.91.951024210756.18616A-100000@chivalry>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 24 Oct 1995, Jon Mittelhauser wrote:

> Dr. Frederick B. Cohen wrote:
> 
> > Yet it services more than one request per minute, 24 hours, 7 days, and
> > has done so without denial of services, corruption, or leakage since its

> I really tried to resist but....
> 

Thanks for saving me from the temptation but I guessed you were so taken 
aback by the performance claims that you missed the most amazing claim: 
an httpd that is proof against Denial Of Service. I'd love to know how 
Dr. Fred does this, since DoS is believed impossibly to defend against 
for unauthenticated TCP...

The usual DoS attack is to send a stream of connection-initiating SYNs to 
the target port, and never ACK the returned SYN. This fills up the listen 
queue, and jams the port. As long as you can generate SYNs faster than 
the TCP implementation times out the older pending requests, the port is 
jammed (modulo a small window of, er, invunerability between one of your 
SYNs timing out and its replacement turning up). 

Ob Crypto:

  Has anybody thought about running Photuris over a TCP connection to do 
application-level key-exchange? The cookie stuff isn't really needed in 
this application, but it's still quite a nice wheel.

Simon

 -----
(defun modexpt (x y n)  "computes (x^y) mod n"
  (cond ((= y 0) 1) 	((= y 1) (mod x n))
	((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
	(t (mod (* x (modexpt x (1- y) n)) n))))

Thread

• Return to October 1995

• Return to “Adam Shostack <adam@homeport.org>”
• Return to “Aleph One <aleph1@dfw.net>”
• Return to “Andy Brown <asb@nexor.co.uk>”
• Return to “anonymous-remailer@shell.portal.com”
• Return to “fc@all.net (Dr. Frederick B. Cohen)”
• Return to “futplex@pseudonym.com (Futplex)”
• Return to “hallam@w3.org”
• Return to “Jeff Barber <jeffb@sware.com>”
• Return to “Jeff Weinstein <jsw@netscape.com>”
• Return to “Jon Mittelhauser <jonm@netscape.com>”
• Return to ““Josh M. Osborne” <stripes@va.pubnix.com>”
• Return to “Laurent Demailly <dl@hplyot.obspm.fr>”
• Return to “Mark <mark@lochard.com.au>”
• Return to “Matt Blaze <mab@crypto.com>”
• Return to “Nesta Stubbs <nesta@cynico.com>”
• Return to ““Perry E. Metzger” <perry@piermont.com>”
• Return to “Ray Cromwell <rjc@clark.net>”
• Return to “roy@cybrspc.mn.org (Roy M. Silvernail)”
• Return to “sameer <sameer@c2.org>”

• Return to “Simon Spero <ses@tipper.oit.unc.edu>”

• 1995-10-22 (Sun, 22 Oct 95 14:10:05 PDT) - Netscape Logic Bomb detailed by IETF - anonymous-remailer@shell.portal.com
  • 1995-10-23 (Mon, 23 Oct 95 06:44:11 PDT) - Re: Netscape Logic Bomb detailed by IETF - “Perry E. Metzger” <perry@piermont.com>
    • 1995-10-23 (Mon, 23 Oct 95 07:16:40 PDT) - Re: Netscape Logic Bomb detailed by IETF - fc@all.net (Dr. Frederick B. Cohen)
      • 1995-10-23 (Mon, 23 Oct 95 08:01:02 PDT) - Re: Netscape Logic Bomb detailed by IETF - “Josh M. Osborne” <stripes@va.pubnix.com>
        • 1995-10-24 (Tue, 24 Oct 95 02:32:25 PDT) - Re: Netscape Logic Bomb detailed by IETF - fc@all.net (Dr. Frederick B. Cohen)
          • 1995-10-24 (Tue, 24 Oct 95 06:50:39 PDT) - Re: Netscape Logic Bomb detailed by IETF - Aleph One <aleph1@dfw.net>
            • 1995-10-24 (Tue, 24 Oct 95 08:52:20 PDT) - Does your software? - fc@all.net (Dr. Frederick B. Cohen)
              • 1995-10-24 (Tue, 24 Oct 95 10:10:53 PDT) - Re: Does your software? - Jeff Barber <jeffb@sware.com>
                • 1995-10-24 (Tue, 24 Oct 95 10:50:17 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
                  • 1995-10-25 (Wed, 25 Oct 95 06:33:11 PDT) - Re: Does your software? - Andy Brown <asb@nexor.co.uk>
                    • 1995-10-25 (Wed, 25 Oct 95 10:25:00 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
                • 1995-10-24 (Tue, 24 Oct 95 16:01:55 PDT) - Re: Does your software? - Jon Mittelhauser <jonm@netscape.com>
                  • 1995-10-25 (Tue, 24 Oct 95 21:40:12 PDT) - Re: Does your software? - Simon Spero <ses@tipper.oit.unc.edu>
                    • 1995-10-25 (Wed, 25 Oct 95 03:52:48 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
                • 1995-10-25 (Tue, 24 Oct 95 17:24:50 PDT) - Re: Does your software? - Jeff Weinstein <jsw@netscape.com>
                  • 1995-10-25 (Wed, 25 Oct 95 04:22:42 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
                    • 1995-10-25 (Wed, 25 Oct 95 06:55:27 PDT) - Re: Does your software? - Adam Shostack <adam@homeport.org>
                      • 1995-10-25 (Wed, 25 Oct 95 07:09:01 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
                      • 1995-10-25 (Wed, 25 Oct 95 09:05:14 PDT) - Re: Does your software? - Aleph One <aleph1@dfw.net>
              • 1995-10-24 (Tue, 24 Oct 95 15:39:02 PDT) - Re: Does your software? - Ray Cromwell <rjc@clark.net>
                • 1995-10-24 (Tue, 24 Oct 95 15:54:11 PDT) - Re: Does your software? - fc@all.net (Dr. Frederick B. Cohen)
        • 1995-10-24 (Tue, 24 Oct 95 07:29:09 PDT) - MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - Laurent Demailly <dl@hplyot.obspm.fr>
          • 1995-10-24 (Tue, 24 Oct 95 07:46:20 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - fc@all.net (Dr. Frederick B. Cohen)
            • 1995-10-24 (Tue, 24 Oct 95 09:32:07 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - Andy Brown <asb@nexor.co.uk>
            • 1995-10-24 (Tue, 24 Oct 95 10:15:03 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - hallam@w3.org
              • 1995-10-24 (Tue, 24 Oct 95 12:02:35 PDT) - Hash collisions [was Re: MD5 weakness ? …] - Matt Blaze <mab@crypto.com>
            • 1995-10-25 (Tue, 24 Oct 95 17:16:29 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - Mark <mark@lochard.com.au>
          • 1995-10-24 (Tue, 24 Oct 95 08:54:39 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - futplex@pseudonym.com (Futplex)
            • 1995-10-24 (Tue, 24 Oct 95 13:04:15 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - fc@all.net (Dr. Frederick B. Cohen)
            • 1995-10-24 (Tue, 24 Oct 95 16:38:31 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - “Perry E. Metzger” <perry@piermont.com>
          • 1995-10-24 (Tue, 24 Oct 95 10:46:44 PDT) - Re: MD5 weakness ? [was Re: Netscape Logic Bomb detailed by IETF] - Laurent Demailly <dl@hplyot.obspm.fr>
        • 1995-10-24 (Tue, 24 Oct 95 08:27:53 PDT) - Re: Netscape Logic Bomb detailed by IETF - Jeff Weinstein <jsw@netscape.com>
          • 1995-10-24 (Tue, 24 Oct 95 09:28:18 PDT) - Re: Netscape Logic Bomb detailed by IETF - sameer <sameer@c2.org>
      • 1995-10-23 (Mon, 23 Oct 95 08:32:06 PDT) - Re: Netscape Logic Bomb detailed by IETF - “Perry E. Metzger” <perry@piermont.com>
      • 1995-10-23 (Mon, 23 Oct 95 12:13:18 PDT) - Re: Netscape Logic Bomb detailed by IETF - futplex@pseudonym.com (Futplex)
      • 1995-10-25 (Tue, 24 Oct 95 20:02:23 PDT) - Re: Netscape Logic Bomb detailed by IETF - Nesta Stubbs <nesta@cynico.com>
  • 1995-10-24 (Mon, 23 Oct 95 17:31:07 PDT) - Re: Netscape Logic Bomb detailed by IETF - roy@cybrspc.mn.org (Roy M. Silvernail)