David Miller a écrit :
From: Eric Dumazet <[EMAIL PROTECTED]>
Welcome to the club :)
Ok, how about we put something like the following into 2.6.21?
2.6.21 really ?
Just to be clear : I had an attack two years ago, I applied your patch,
rebooted the machine, and since then the attackers had to find another way to
hurt the machine. Eventually, when I update the kernel of this machine, I
forget to appply jhash patch, and attackers dont know they can try again :)
I dont consider this new hash as bug fix at all, ie your patch might enter
2.6.22 normal dev cycle.
Maybe a *fix*, independant of the hash function (so that no math expert can
insult us), would be to have a *limit*, say... 1000 (something insane) on the
length of a hash chain ?
In my case, I saw lengths of about 3000 two years ago under attack, but
machine was still usable... maybe in half power mode.
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
