DoS attack ?

YangWoo Ko <newcat@spsoft.co.kr> Thu, 06 December 2001 17:38 UTC

Return-Path: <ietf-irnss-errors@lists.elistx.com>
Received: from ELIST-DAEMON.eListX.com by eListX.com (PMDF V6.0-025 #44856) id <0GNX00704NNK0Y@eListX.com> (original mail from newcat@spsoft.co.kr); Thu, 06 Dec 2001 12:38:08 -0500 (EST)
Received: from CONVERSION-DAEMON.eListX.com by eListX.com (PMDF V6.0-025 #44856) id <0GNX00701NNH0U@eListX.com> for ietf-irnss@elist.lists.elistx.com (ORCPT ietf-irnss@lists.elistx.com); Thu, 06 Dec 2001 12:38:06 -0500 (EST)
Received: from DIRECTORY-DAEMON.eListX.com by eListX.com (PMDF V6.0-025 #44856) id <0GNX00701NNG0T@eListX.com> for ietf-irnss@elist.lists.elistx.com (ORCPT ietf-irnss@lists.elistx.com); Thu, 06 Dec 2001 12:38:04 -0500 (EST)
Received: from spsoft.co.kr ([211.254.82.194]) by eListX.com (PMDF V6.0-025 #44856) with ESMTP id <0GNX003M2NNETF@eListX.com> for ietf-irnss@lists.elistx.com; Thu, 06 Dec 2001 12:38:04 -0500 (EST)
Received: (from newcat@localhost) by spsoft.co.kr (8.10.0/8.10.0) id fB6HZTT31025 for ietf-irnss@lists.elistx.com; Fri, 07 Dec 2001 02:35:29 +0900
Date: Fri, 07 Dec 2001 02:35:29 +0900
From: YangWoo Ko <newcat@spsoft.co.kr>
Subject: DoS attack ?
In-reply-to: <122895213.1007640901@P2>
To: ietf-irnss@lists.elistx.com
Message-id: <20011207023529.J29209@spsoft.co.kr>
MIME-version: 1.0
Content-type: text/plain; charset=euc-kr
Content-disposition: inline
User-Agent: Mutt/1.3.23i
References: <7FC3066C236FD511BC5900508BAC86FE4D7823@trestles.inte <122895213.1007640901@P2>
List-Owner: <mailto:ietf-irnss-help@lists.elistx.com>
List-Post: <mailto:ietf-irnss@lists.elistx.com>
List-Subscribe: <http://lists.elistx.com/ob/adm.pl>, <mailto:ietf-irnss-request@lists.elistx.com?body=subscribe>
List-Unsubscribe: <http://lists.elistx.com/ob/adm.pl>, <mailto:ietf-irnss-request@lists.elistx.com?body=unsubscribe>
List-Archive: <http://lists.elistx.com/archives/ietf-irnss>
List-Help: <http://lists.elistx.com/elists/admin.shtml>, <mailto:ietf-irnss-request@lists.elistx.com?body=help>
List-Id: <ietf-irnss.lists.elistx.com>

On Thu, Dec 06, 2001 at 12:15:01PM -0500, John C Klensin wrote:
>   A search in that search layer can specify values for any
>   combination of facets that the searcher, or search-vendor,
>   finds appropriate.  Leaving one out is equivalent to "match
>   anything that happens to be there".

Dear John Klensin,

What will happen if I send a query with {null, null, ...} tuple ?
Can I download the whole database ? It looks like a very easy DoS attack.

My best regards

-- 
/*------------------------------------------------
YangWoo Ko : newcat@spsoft.co.kr
We Invent Enterprise Software Solutions
and Make You Secure & Powerful.
------------------------------------------------*/