6 Oct
2003
6 Oct
'03
5:08 a.m.
Sean Donelan wrote:
Should other protocols include the same feature? If someone sends you a Dynamic DNS update, could the protocol include a kiss-o'-death packet to tell clients to go away? If someone keeps probing your HTTP server, should HTTP include a kiss-o'-death packet to tell clients to go away?
Erm, I can see a huge DoS hole waiting to happen to any protocol that doesn't in turn implement some sort of authentication of the server. The more protocols you allow to do this, the more potential for DoS of important (possibly) client information. Peter