Re: [rtcweb] UDP transport problem

Harald Alvestrand <harald@alvestrand.no> Fri, 14 February 2014 18:24 UTC

Message-ID: <52FE5F41.1010106@alvestrand.no>
Date: Fri, 14 Feb 2014 19:24:01 +0100
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <CAD6AjGRiQ1UF5n3JG9HPRQFM+TD54Xz-dpTn5u9bX+__BMfesQ@mail.gmail.com> <52FDEE06.1030003@jesup.org> <CAD6AjGRSVHTK7apQ1x3j0pE=dkeFeXBKc0U3z4GkCTywVvckTA@mail.gmail.com>
In-Reply-To: <CAD6AjGRSVHTK7apQ1x3j0pE=dkeFeXBKc0U3z4GkCTywVvckTA@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/UnzKrp-ODkpS2-AFQW386dkwKVg
Subject: Re: [rtcweb] UDP transport problem

On 02/14/2014 03:42 PM, Cb B wrote:
>
> > It's especially depressing in that we put significant effort into
> reducing the likelihood that WebRTC could be used for DDoS attacks.
> >
> > I will note that blocking UDP (or massively-rate-limiting it) will
> have all sorts of nasty effects on all forms of VoIP.  TCP-entrained
> VoIP can evade that, but at a serious cost to call quality.  Surely
> the operators know this.
> >
>
> Agreed on all points. My view is one related to the basic requirement
> of keeping the network up.  I hope i have provided enough reference
> points to make the magnitude of the problem clear as well as how
> history has shown protocols get blocked (smtp)
>
This SMTP example doesn't match what I've seen happen.

SMTP is not blocked by any backbone service provider I know of.

Outgoing SMTP on port 25 is commonly blocked by firewalls that think
they don't have servers behind them (hotels are notorious in this
aspect). That's why the submit port is popular (and deployed with
authentication). The main concern isn't DDOS attacks, it's being blamed
for spam.

I've not seen any report of a DDOS attack that used port 25 for a
traffic-volume-based attack (although intentional or unintentional DDOS
attacks on mail servers are too common to care about).

Given that I still haven't seen a report that leads me to believe we'll
ever see a proposal that seriously proposes blocking all UDP traffic on
the Internet - I continue to disbelieve the premise, so it's not
surprising that I disagree with the conclusion.

-- 
Surveillance is pervasive. Go Dark.