Just to second this, I am resending a comment I made a long time ago about DoS attacks / too large matrices (cut and paste from my IETF-75 notes):
"Jan Seedorf: has concerns with the workload for ALTO servers caused by queries with multiple source network locations, risk of easy DoS attacks, answer: the resulting answer matrices can be pre-computed and should not change that frequently"

I remember that in that session (IETF-75) we exactly discussed the problem of "n(src)*n(dest)" becoming too large, or at least I made that comment ...

- Jan

> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Diego R. Lopez
> Sent: Thursday, March 21, 2013 1:41 AM
> To: [email protected]
> Subject: Re: [alto] Security problem: DoS attacks via overload
>
> Hi,
>
> Since I am in the same situation as Wendy (in terms of being old enough to
> remember when the Internet was small and even when it barely existed) I
> like the idea of the "Request Too Large" error code, that reminds me of what an
> LDAP server returns when a search would include more entries than what
> the server configuration allows to be returned.
>
> And I must say I support the idea of making full cost maps optional. Replacing
> MUST with a SHOULD (and making clear that only the "Request Too Large"
> error is acceptable to not satisfy it) should be enough to avoid the overload
> risk while staying as close as possible to the minimum that makes Sebastian
> feel uneasy...
>
> Be goode,
>
> --
> "This time we will not fail, Doctor Infierno"
>
> Dr Diego R. Lopez
> Telefonica I+D
> http://people.tid.es/diego.lopez/
>
> e-mail: [email protected]
> Tel: +34 913 129 041
> Mobile: +34 682 051 091
> -----------------------------------------
>
> _______________________________________________
> alto mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/alto
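
The size check this thread argues for, sketched as an added example (not part of the original messages or of the ALTO drafts): the server computes n(src)*n(dest) before doing any cost lookup and refuses oversized queries. The `RequestTooLarge` error, the `MAX_CELLS` value, the function names and the rule that an empty list selects every PID are assumptions of this sketch.

```python
# Added example: size check for a cost-map query before any cost is computed.
# MAX_CELLS, RequestTooLarge and the function names are assumptions of this sketch.

MAX_CELLS = 10_000  # assumed server-configured cap on n(src) * n(dest)


class RequestTooLarge(Exception):
    """Hypothetical error modelled on the "Request Too Large" code in the thread."""

    def __init__(self, cells, limit):
        super().__init__(f"{cells} matrix cells requested, limit is {limit}")
        self.cells, self.limit = cells, limit


def selected(requested, known_pids):
    """Distinct known PIDs a list selects; assumption: empty list means all PIDs."""
    if not requested:
        return set(known_pids)
    return set(requested) & set(known_pids)


def matrix_cells(srcs, dsts, known_pids):
    """Size of the answer matrix, n(src) * n(dest), after de-duplication."""
    return len(selected(srcs, known_pids)) * len(selected(dsts, known_pids))


def admit(srcs, dsts, known_pids, limit=MAX_CELLS):
    """Return the cell count if the query is within the limit, else raise."""
    cells = matrix_cells(srcs, dsts, known_pids)
    if cells > limit:
        raise RequestTooLarge(cells, limit)
    return cells


def handle(srcs, dsts, known_pids, limit=MAX_CELLS):
    """Map the check to a response stub; the cost lookup itself is out of scope."""
    try:
        return {"status": "ok", "cells": admit(srcs, dsts, known_pids, limit)}
    except RequestTooLarge as exc:
        return {"status": "error", "code": "Request Too Large", "detail": str(exc)}


if __name__ == "__main__":
    pids = [f"pid{i}" for i in range(200)]           # constructed network map
    print(handle(["pid1", "pid2"], ["pid3"], pids))  # small query
    print(handle([], [], pids))                      # empty lists: full 200x200 map
```

Counting distinct PIDs rather than list length keeps a client from inflating or hiding the matrix size with repeated entries, and the empty-list case is the one that silently expands to the full map.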
