Slashdot Mirror


Denial of Service via Algorithmic Complexity

dss902 writes "We (Department of Computer Science, Rice University) present a new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications' data structures... Using bandwidth less than a typical dialup modem, we can bring a dedicated Bro server to its knees; after six minutes of carefully chosen packets, our Bro server was dropping as much as 71% of its traffic and consuming all of its CPU. We show how modern universal hashing techniques can yield performance comparable to commonplace hash functions while being provably secure against these attacks."
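An added illustration of the summary's point (not code from the paper or from the submitter): a chained hash table with a predictable hash degrades to one long chain on chosen keys, while a randomly keyed universal hash spreads the same keys out. The table class, the key set and the textbook Carter-Wegman family `(a*x + b) mod P` are assumptions made for this example, not the construction the paper uses.

```python
import random

P = (1 << 61) - 1  # Mersenne prime, larger than any key used below

class ChainedTable:
    """Minimal chained hash table that counts key comparisons."""
    def __init__(self, n_buckets, hash_fn):
        self.buckets = [[] for _ in range(n_buckets)]
        self.hash_fn = hash_fn
        self.comparisons = 0

    def insert(self, key):
        chain = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for existing in chain:      # duplicate check walks the whole chain
            self.comparisons += 1
            if existing == key:
                return
        chain.append(key)

    def longest_chain(self):
        return max(len(c) for c in self.buckets)

def fixed_hash(key):
    # Predictable: whoever knows the bucket count can choose colliding keys.
    return key

def make_universal_hash(rng):
    # Carter-Wegman family h(x) = (a*x + b) mod P; a and b are secret per process.
    a = rng.randrange(1, P)
    b = rng.randrange(0, P)
    return lambda key: (a * key + b) % P

def run(hash_fn, keys, n_buckets=1024):
    """Insert all keys; return (longest chain, total key comparisons)."""
    table = ChainedTable(n_buckets, hash_fn)
    for k in keys:
        table.insert(k)
    return table.longest_chain(), table.comparisons

# Constructed worst case for fixed_hash: every key is a multiple of the bucket count.
N_BUCKETS = 1024
KEYS = [i * N_BUCKETS for i in range(2000)]

if __name__ == "__main__":
    print("fixed    :", run(fixed_hash, KEYS, N_BUCKETS))
    # SystemRandom draws a and b from the OS CSPRNG, so they cannot be predicted.
    print("universal:", run(make_universal_hash(random.SystemRandom()), KEYS, N_BUCKETS))
```

With the fixed hash the comparison count grows quadratically in the number of inserted keys, which is the CPU exhaustion the summary describes; with the keyed hash it stays close to linear.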

11 of 257 comments

  1. fp by Anonymous Coward · · Score: -1, Troll

    suckaz

  2. "Bro" server? Say what, nigga? by Anonymous Coward · · Score: -1, Troll

    Any attack against a Bro server is obviously a plot perpetrated by The Man, to keep a brother down. Peace to all my dead homies.

  3. Re:Say what? by Anonymous Coward · · Score: -1, Troll

    Because retards like you can't close a fucking italic tag. Dumbfuck.

  4. Re:What is a "Bro server"? by Anonymous Coward · · Score: -1, Troll

    One built by niggers. You can thank affirmative action in the computer industry for this one. Of course it would be easy to bring them down. It would be like asking a nigger to add two single-digit numbers together.

  5. Like at me I'm a l33T Hax05 dude... by Anonymous Coward · · Score: -1, Troll

    This guy is lame. If you don't set limits you will run out of them. If you do set limits you will run into them. Then he claims to have a "new" hashing function to fix all that, yet it is not finished with it.

    Furthermore, he claims the dnscache module in djbdns has a problem, but DJB in his infinite wisdom prepared for it.

    This guy is just lame, please ignore him.

  6. Re:Talking of Denial of Service attacks by Anonymous Coward · · Score: -1, Troll

    No problem. Here is a mirror.

  7. Re:Is it just me..? by Anonymous Coward · · Score: -1, Troll

    Well, duh, it's not like you have to be incredibly smart to figure this out by yourself. Anybody with programming skills beyond programming 101 should already be aware of this.

  8. I don't know which is worse... by RedLeg · · Score: 0, Troll

    These dipshits (yes, I said dipshits) publishing a paper like this without taking positive steps to make sure that maintainers of vulnerable packages were aware of the issues and had the chance to implement and publish fixes, and most importantly, get them deployed into the field, prior to publication

    OR

    Some random Slashdot Editor posting links to it, thereby calling the attention of the whole damn world to the fact that this class of vulnerability exists, apparently without fixes.

    Yes, I know, "Security through Obscurity is no Security at All." On the other hand, in a multi-layered security environment (think defense in depth), obscurity, or secrecy IS a valid (albeit thin) layer. This just eliminated that layer.

    Thanks, dipshits, and Slashdot, for making the world a WORSE place.

  9. Re:Same Content / Two Links by Anonymous Coward · · Score: -1, Troll

    Hey, wait a minute!

    No, apparently he didn't read the articles either, just looked at them to notice they're the same. I just *actually* read the links. Not only are both links the same, but both of them are the Lands End spring 2003 catalog!

    I can't believe the submitter was able to slip something like that past not just the slashdot editors, but all 82 posters so far. Crazy.

  10. This is all part of the game in academia by lukme · · Score: 0, Troll

    It is publish or perish at most universities and even most colleges.

    They just found a topic to publish a paper on that extends things a little bit. This paper will then be footnoted by other researchers along with hundreds of other footnotes.

    Very little published is new or even remotely creative - creativity is something that I have found is suppressed by academia.

    I suggest that if there are any questions, we as the slashdot community should collectively send them our pertinent questions.

  11. One down for open source? by Bish.dk · · Score: 0, Troll

    Such attacks will mostly be possible when you have access to the source-code of a program, and can look through it to find weak algorithmic parts.

    I guess it's harder to do this on a proprietary system. Perhaps this is the "Open source is less secure"-argument that MS has been hoping for?