Re: OpenSSL denial of service

2003-08-24 Thread Rich Salz
> Thanks for your advice. Looks a pretty daunting challenge to be honest! > I don't really have a threat model of any use.. it's kind of me verus the > whole internet. One of the well-known content delivery companies was going to have an IETF I-D that would force some client pre-computation, to av

Re: OpenSSL denial of service

2003-08-20 Thread Neil Humphreys
Henrik,Russ,Diarmuid,Shawn,Lee,Ng Pheng, Thanks for your advice. Looks a pretty daunting challenge to be honest! I don't really have a threat model of any use.. it's kind of me verus the whole internet. Anyway, thanks again Neil. _

Re: OpenSSL denial of service

2003-08-20 Thread Henrik Nordstrom
On Tue, 19 Aug 2003, Neil Humphreys wrote: > Lee, > Yes I am worried about tcp syn attacks Most TCP implementations handles SYN attacks nicely these days given the opportunity by correct kernel tuning.. you should only need to worry about connection attacks where a full SYN handshake have taken p

Re: OpenSSL denial of service

2003-08-20 Thread Russ Fink
ious that can happen to a "naked" listening socket. I didn't think there would be a satisfactory software solution .. just asked because there are some clever people out there...!! cheers Neil - Original Message - From: "Lee Dilkie" <[EMAIL PROTECTED]> To:

Re: OpenSSL denial of service

2003-08-20 Thread Neil Humphreys
e clever people out there...!! cheers Neil - Original Message - From: "Lee Dilkie" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 19, 2003 8:46 PM Subject: RE: OpenSSL denial of service > Depends on the attack itself? > > are you worried about sy

Re: OpenSSL denial of service

2003-08-19 Thread Shawn P. Stanley
uot;Shawn P. Stanley" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, August 18, 2003 9:38 PM > Subject: Re: OpenSSL denial of service > > >> I use a firewall, myself. >> >> On 8/18/03 3:08 PM, "Neil Humphreys" <[EMAIL PRO

RE: OpenSSL denial of service

2003-08-19 Thread Lee Dilkie
4 PM > To: [EMAIL PROTECTED] > Subject: Re: OpenSSL denial of service > > > Shawn, > > Thanks for the response. > > It's a lovely thought, but it's not as simple as sticking in > a firewall I am > afraid .. that leaves > me open to attacks that can&#x

Re: OpenSSL denial of service

2003-08-19 Thread Neil Humphreys
ay (such as the firewall). I take it the answer's "no" then. - Original Message - From: "Shawn P. Stanley" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 18, 2003 9:38 PM Subject: Re: OpenSSL denial of service > I use a firewall, m