[Syslog] Issue 15 - DoS measures
Chris Lonvick <clonvick@cisco.com> Sat, 19 June 2010 03:44 UTC

SECDIR reviewer said:

Section 5.3 says "Implementations MUST support the denial of service countermeasures defined by DTLS." That's good but it's not clear whether this means that these countermeasures MUST always be enabled. Since that is not explicitly stated, it seems that a server could have those countermeasures enabled by default and a client could have them disabled by default. That would result in a client and server that would not interoperate until the administrator tracked down the problem and changed their configuration. I suggest that the document be changed to require not only that implementations support these countermeasures but that they be enabled by default.

My response was: "Good catch."

ACTION: Comments?

Thanks,
Chris

- [Syslog] Issue 15 - DoS measures Chris Lonvick
- Re: [Syslog] Issue 15 - DoS measures Joseph Salowey (jsalowey)