[rssac-caucus] [Ext] Handing the anonymization document off to RSSAC
John Heidemann
johnh at isi.edu
Thu Apr 12 03:54:43 UTC 2018
(about the document at
https://docs.google.com/document/d/1jpFcEjlwd11kqbsd1oAUf2Hq3gNskqN595RdmvyKkU8/edit#
)
On Thu, 12 Apr 2018 02:19:15 -0000, Paul Hoffman wrote:
>On Apr 11, 2018, at 11:06 AM, John Heidemann <johnh at isi.edu> wrote:
...
>> - section 4.1: the analysis of collisions was for an average day.
>> Collisions are dramatically higher for worst cases, and that's when
>> accurate counts most matter for some research. I suggest this text
>> there to address this gap:
>>
>> (Although the birthday problem has few collisions when the
>> number of active IPv4 address is small, it is much worse when
>> the number is large. For example, reports of the Nov. 30,
>> 2015 DDoS attack on the roots indicate that roots saw about
>> 891k unique addresses, and with n=900k, there are 170M
>> collisions. While many of these addresses were spoofed. This
>> count represents one factor in the cost some DDoS-defenses, so
>> accuracy is important.).
>
>See the comment in the text. Those numbers make no sense. How can you get 20x more collisions than there are values?
You're right. I went back to the source and the right numbers is 895M
unique addresses, not 891k. With n=900M there are 170M expected
collions. Thanks for catching this.
(The formula is in the text, so anyone can check them math. The point
is collisions grow precipitously as the number of adresses approaches a
substantial fraction of the total space.)
-John
More information about the rssac-caucus
mailing list