(about the document at https://docs.google.com/document/d/1jpFcEjlwd11kqbsd1oAUf2Hq3gNskqN595RdmvyK... ) On Thu, 12 Apr 2018 02:19:15 -0000, Paul Hoffman wrote:
On Apr 11, 2018, at 11:06 AM, John Heidemann <johnh@isi.edu> wrote: ...
- section 4.1: the analysis of collisions was for an average day. Collisions are dramatically higher for worst cases, and that's when accurate counts most matter for some research. I suggest this text there to address this gap:
(Although the birthday problem has few collisions when the number of active IPv4 address is small, it is much worse when the number is large. For example, reports of the Nov. 30, 2015 DDoS attack on the roots indicate that roots saw about 891k unique addresses, and with n=900k, there are 170M collisions. While many of these addresses were spoofed. This count represents one factor in the cost some DDoS-defenses, so accuracy is important.).
See the comment in the text. Those numbers make no sense. How can you get 20x more collisions than there are values?
You're right. I went back to the source and the right numbers is 895M unique addresses, not 891k. With n=900M there are 170M expected collions. Thanks for catching this. (The formula is in the text, so anyone can check them math. The point is collisions grow precipitously as the number of adresses approaches a substantial fraction of the total space.) -John