| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-id: <46038908.6050501@cosmosbay.com> Date: Fri, 23 Mar 2007 09:00:08 +0100 From: Eric Dumazet <dada1@...mosbay.com> To: David Miller <davem@...emloft.net> Cc: nikb@...master.com, netdev@...r.kernel.org Subject: Re: RFC: Established connections hash function David Miller a écrit : > From: Eric Dumazet <dada1@...mosbay.com> >> Welcome to the club :) > > Ok, how about we put something like the following into 2.6.21? 2.6.21 really ? Just to be clear : I had an attack two years ago, I applied your patch, rebooted the machine, and since then the attackers had to find another way to hurt the machine. Eventually, when I update the kernel of this machine, I forget to appply jhash patch, and attackers dont know they can try again :) I dont consider this new hash as bug fix at all, ie your patch might enter 2.6.22 normal dev cycle. Maybe a *fix*, independant of the hash function (so that no math expert can insult us), would be to have a *limit*, say... 1000 (something insane) on the length of a hash chain ? In my case, I saw lengths of about 3000 two years ago under attack, but machine was still usable... maybe in half power mode. - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists