RE: [beepwg] Re: A couple of features to limit BEEP no reply attack
Francis Brosnan Blazquez <francis@aspl.es> Tue, 24 March 2009 17:35 UTC
Return-Path: <beepwg-bounces@beepcore.org>
X-Original-To: ietfarch-beep-archive@core3.amsl.com
Delivered-To: ietfarch-beep-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 369F83A68C1 for <ietfarch-beep-archive@core3.amsl.com>; Tue, 24 Mar 2009 10:35:27 -0700 (PDT)
X-Quarantine-ID: <c1fLRS0GmWNj>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BAD HEADER, Header field occurs more than once: "Cc" occurs 3 times
X-Spam-Flag: NO
X-Spam-Score: -1.893
X-Spam-Level:
X-Spam-Status: No, score=-1.893 tagged_above=-999 required=5 tests=[AWL=0.706, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c1fLRS0GmWNj for <ietfarch-beep-archive@core3.amsl.com>; Tue, 24 Mar 2009 10:35:26 -0700 (PDT)
Received: from hl27.dinaserver.com (hl27.dinaserver.com [82.98.144.26]) by core3.amsl.com (Postfix) with ESMTP id 09D853A6B55 for <beep-archive@lists.ietf.org>; Tue, 24 Mar 2009 10:35:25 -0700 (PDT)
Received: from hl27.dinaserver.com (localhost [127.0.0.1]) by hl27.dinaserver.com (Postfix) with ESMTP id 00E2A7CD6D6; Tue, 24 Mar 2009 18:36:08 +0100 (CET)
X-Original-To: beepwg@beepcore.org
Delivered-To: beepwg-lista@hl27.dinaserver.com
Received: from dolphin.aspl.es (unknown [212.170.183.66]) by hl27.dinaserver.com (Postfix) with ESMTP id E84007CBD20 for <beepwg@beepcore.org>; Tue, 24 Mar 2009 18:35:41 +0100 (CET)
Received: from localhost (localhost [127.0.0.1]) by dolphin.aspl.es (Postfix) with ESMTP id CD7FD740F8; Tue, 24 Mar 2009 18:32:04 +0100 (CET)
X-Virus-Scanned: amavisd-new at dolphin.aspl.es
Received: from dolphin.aspl.es ([127.0.0.1]) by localhost (dolphin.aspl.es [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MVHD5G6PoXhN; Tue, 24 Mar 2009 18:32:00 +0100 (CET)
Received: from [192.168.0.132] (barracuda [10.0.0.4]) by dolphin.aspl.es (Postfix) with ESMTP id EF22C74052; Tue, 24 Mar 2009 18:31:59 +0100 (CET)
Subject: RE: [beepwg] Re: A couple of features to limit BEEP no reply attack
From: Francis Brosnan Blazquez <francis@aspl.es>
To: "Thomson, Martin" <Martin.Thomson@andrew.com>
In-Reply-To: <E51D5B15BFDEFD448F90BDD17D41CFF1058BCB58@AHQEX1.andrew.com>
References: <1236942381.17324.180.camel@vulcan.aspl.local> <9471C896-E007-4745-8A49-885D51B6B130@apple.com> <ffc28d54-b4e6-4eaa-ba21-2d6d9f94a2b8@v38g2000yqb.googlegroups.com> <1237382051.5260.273.camel@vulcan.aspl.local> <E51D5B15BFDEFD448F90BDD17D41CFF1058BCB58@AHQEX1.andrew.com>
Content-Type: text/plain
Organization: Advanced Software Production Line, S.L.
Date: Tue, 24 Mar 2009 18:35:32 +0100
Message-Id: <1237916132.27593.169.camel@vulcan.aspl.local>
Mime-Version: 1.0
X-Mailer: Evolution 2.22.3.1
Content-Transfer-Encoding: 7bit
X-DinaScanner: Libre de Virus, Este E-Mail no ha sido analizado.
X-DinaScanner-SpamCheck: no es spam, SpamAssassin (not cached, puntaje=-2.499, requerido 6, BAYES_00 -2.60, RDNS_NONE 0.10),
cc: Martin Thomson <martin.thomson@gmail.com>
cc: Vortex <vortex@lists.aspl.es>
cc: beepwg@beepcore.org
X-BeenThere: beepwg@beepcore.org
X-Mailman-Version: 2.1
Precedence: list
List-Id: <beepwg.beepcore.org>
List-Help: <mailto:beepwg-request@beepcore.org?subject=help>
List-Post: <mailto:beepwg@beepcore.org>
List-Subscribe: <http://beepcore.org/mailman/listinfo/beepwg>, <mailto:beepwg-request@beepcore.org?subject=subscribe>
List-Unsubscribe: <http://beepcore.org/mailman/listinfo/beepwg>, <mailto:beepwg-request@beepcore.org?subject=unsubscribe>
Sender: beepwg-bounces@beepcore.org
Errors-To: beepwg-bounces@beepcore.org
X-DinaScanner-Information: DinaScanner. Filtro anti-Spam y anti-Virus
X-MailScanner-ID: 00E2A7CD6D6.7CC77
X-DinaScanner-From: beepwg-bounces@beepcore.org
Hi Martin, > Sorry about the delay in responding... ;-) No problem.. > RTT discovery is performed by every TCP stack. It's part of working > out the necessary window size to maximize throughput. I don't know if > this information is made available by any TCP stacks, but it isn't > impossible to measure. Even above TCP where retransmits could > interfere its' probably still doable. Fine. I could place such mention so developers can consider it. However, as you are guessing, such APIs are missing especially on windows (pretty much like TCP maximum negotiated segment size). > I'd still say that the main concern I have is that your interpretation > of what constitutes a "protocol violation" is too narrow a view. More > holistically, a badly behaving peer needs to be treated as such, > regardless of where the errors occur. Niceties like proper channel > and session closure are luxuries - a badly behaving peer does not > deserve to be treated in such a civilised fashion. Ok. Just to point reply-limit is to protect a peer from BNRA especially over channel 0 rather giving especial care to badly behaving peers. After this initial poll I think there are few interest in reply-limit feature. I still think this is a remaining issue to solve and, with some degree, this "silence" confirms close session is not being used at this moment due to problems it carries, especially in an untrusted/public environment. No problem, next issue... ..what about "optional-reply"? What's your opinion about it? Cheers! > Cheers, > Martin -- Francis Brosnan Blazquez <francis@aspl.es> Advanced Software Production Line, S.L.
- [beepwg] A couple of features to limit BEEP no re… Francis Brosnan Blazquez
- [beepwg] Re: [Vortex] A couple of features to lim… Francis Brosnan Blazquez
- Re: [beepwg] A couple of features to limit BEEP n… David Kramer
- [beepwg] Re: A couple of features to limit BEEP n… Martin Thomson
- [beepwg] Re: [Vortex] A couple of features to lim… Francis Brosnan Blazquez
- Re: [beepwg] A couple of features to limit BEEP n… Francis Brosnan Blazquez
- Re: [beepwg] Re: A couple of features to limit BE… Francis Brosnan Blazquez
- RE: [beepwg] Re: A couple of features to limit BE… Thomson, Martin
- RE: [beepwg] Re: A couple of features to limit BE… Francis Brosnan Blazquez
- [beepwg] Re: [Vortex] A couple of features to lim… Benoit Amiaux
- Re: [beepwg] Re: A couple of features to limit BE… Francis Brosnan Blazquez
- Re: [beepwg] Re: [Vortex] A couple of features to… Francis Brosnan Blazquez