starlight.2016q3@xxxxxxxxxxx transcribed 1.2K bytes: > At 12:01 8/12/2016 -0400, Zack Weinberg wrote: > >Also, if you read the paper, raising the global rate limit (as > >suggested by the reg. article) doesn't help; it only slows the > >attacker down a little. > > The paper indicates that a global counter limit other than > 100 can be easily discovered. However the recommended > mitigation effectively removes the global counter by setting > it to 10^9. The described attack requires the counter > be exhausted inside the temporal bounds of one second and the > Internet as it exists today cannot support 10^9 probes on > that deadline. > > IMO the recommended mitigation is effective and should > be applied by those believing RFC-5961-as-presently- > implemented changes worse than the weaknesses addressed > by the RFC. I applied the mitigation. Hello, Apparently, my last email to the list went to your spam folder. Please allow me to repeat myself: isis agora lovecruft transcribed 4.5K bytes: > The accepted patch [1] solves the issue, and does so by randomising the time > window that the global variable applies to. > > [1]: https://github.com/torvalds/linux/commit/75ff39ccc1bd5d3c455b6822ab09e533c551f758 Best regards, -- ♥Ⓐ isis agora lovecruft _________________________________________________________ OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35 Current Keys: https://fyb.patternsinthevoid.net/isis.txt
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays