- 论坛徽章:
- 20
|
http://vger.kernel.org/~davem/columbia2012.pdf
从中间部分开始看。
Cache is Exploitable
* This is true regardless of hash quality.
* Attacker can simply cycle through all values of all keys
* Each new packet sent modifies the lookup key in some way
* Each new packet creates a new routing cache entry
* Triggers garbage collection when size limit is reached
* Cache is no longer a cache, since every lookup misses
* This is more expensive than having no cache at all.
Cache in Non-hostile Environment
* Even with “well behaved” traffic, cache is undesirable
* Google sees hit rates on the order of only 10 percent
* On simpler systems, cache is effective
* But still exposed to key cycling denial of service
* The cache has to be removed
|
|