> Unprotected callback channels also permit Denial of Service attacks
> against the cache manager because any IP address can send the cache
> manager RPCs that invalidate the contents of the cache.

The rxgk callback protection described in the document does not prevent that. In particular:

> Only RPCs issued over an rxgk protected connection should receive
> rxgk protected callbacks

And in any event, why can't the attacker just send RXAFSCB_InitCallbackState3 and invalidate the cache that way? There is no way to require that call be protected (think fileserver restart where the state save/load didn't work).

I also find this notion that callback revocations could be used in an amplification attack silly. The CM is not going to respond to every RXAFSCB_CallBack() with RXAFS_FetchStatus(). It will only do that the next time that afs vnode is touched by a client.

_______________________________________________
AFS3-standardization mailing list
[email protected]
http://lists.openafs.org/mailman/listinfo/afs3-standardization
