Slashdot Mirror

← Back to Stories (view on slashdot.org)

Denial of Service via Algorithmic Complexity

Posted by michael on from the advanced-topics dept.

dss902 writes "We (Department of Computer Science, Rice University) present a new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications' data structures... Using bandwidth less than a typical dialup modem, we can bring a dedicated Bro server to its knees; after six minutes of carefully chosen packets, our Bro server was dropping as much as 71% of its traffic and consuming all of its CPU. We show how modern universal hashing techniques can yield performance comparable to commonplace hash functions while being provably secure against these attacks."

17 of 257 comments (clear)

  1. Embarrased yet? by CausticWindow · · Score: -1, Offtopic

    You should be.

    --
    How small a thought it takes to fill a whole life
    1. Re:Embarrased yet? by larry+bagina · · Score: -1, Offtopic

      oops, no weapons of mass destruction. I bet saddam is laughing his ass off! he sure fooled us!

      --
      Do you even lift?

      These aren't the 'roids you're looking for.

  2. mmm mmm better by Anonymous Coward · · Score: -1, Offtopic

    hehehehehhehehehheheheh frost psot

  3. PIN machines by Anonymous Coward · · Score: -1, Offtopic

    still use 300 baud

  4. For crying out loud! by Anonymous Coward · · Score: -1, Offtopic

    This story doesn't have anything to do with SCO! Come on, where's today's SCO story? This isn't funny, man, I need my fix! I'm getting really fucking desperate man, I've asked you guys, like, what, twice today? C'mon! I'll do anything for some SCO news! I'm going crazy here!

  5. These people... by swsnyder · · Score: 0, Offtopic

    ...at Rice university have way too much free time.

  6. Oh dear.... by Rumagent · · Score: -1, Offtopic

    SCO is so gonna get it...

  7. Re:Is it just me..? by Anonymous Coward · · Score: -1, Offtopic

    Well, it's that, or the endless cycle of drinking beer, smoking weed and trying to get laid.

    I'm glad it's college kids studying this, and not some disgruntled hack master who wants to punnish your server for existing.

  8. Re:WTF is a Bro server by Anonymous Coward · · Score: -1, Offtopic

    Correct me if I'm wrong, but I beleave it has something to do with gay porn.

  9. Re:WTF is a Bro server by Anonymous Coward · · Score: -1, Offtopic

    You would know.

  10. Re:Is it just me..? by fadeaway · · Score: -1, Offtopic

    Okay, I see I jumped the gun a bit. I agree that I'd rather have well meaning students discovering such things. That said, I still don't agree that the methods to use such security holes should be published for the general public to sift through.

    As I stated in an earlier reply, why not just announce that you've found an issue, and offer the methods to fix it?

  11. Re:Same Content / Two Links by Anonymous Coward · · Score: -1, Offtopic

    At the end of "The Sixth Sense" Trinity dies but Neo manages to bring her back to life by reaching inside her and massaging her heart, if you know what I mean.

    Oh yeah, and Morpheus is really an agent of the Matrix.

  12. Re:glib example by Anonymous Coward · · Score: -1, Offtopic

    stfu k thx cya

  13. ok.. by Anonymous Coward · · Score: -1, Offtopic

    I think i am going to write an apache module to detect slashdotting, and to have configurable options so that it can display pages like the one that is on that server that says:

    " (Slashdotting) Please see the actual project page in the parent directory instead of the paper"

    or other options...

  14. As a black programmer, by Anonymous Coward · · Score: -1, Offtopic

    I can confirm the parent post's accuracy.

  15. Re:Same Content / Two Links by Derg · · Score: 0, Offtopic

    Trinity is the agent

    --
    I'm a little tea pot.
  16. intersting... by Anonymous Coward · · Score: -1, Offtopic

    Can we slashdot the slashdot .. err DoS slashdot with this?