Florian Weimer wrote:
This program uses a hash table to store the active flows. It is vulnerable to a DoS attack, as described in "Denial of Service via Algorithmic Complexity Attacks" by Scott A Crosby and Dan S Wallach: <http://www.cs.rice.edu/~scrosby/hash/> It is possible to switch to a HMAC-style hash function that offers some resistance against second preimage attacks, but I'd recommend to switch to some balanced tree variant.
I have forwarded this to upstream, and will wait until a fix is made. Thanks.. Radu