On Aug 10, 2004, at 2:30 PM, Jeremy Kitchen wrote:

> On Tuesday 10 August 2004 12:23 pm, Damian Menscher wrote:
>> The gpg-signature prevents spoofing.  And the sequence numbers
>> keep everyone current.  The major problems I see are getting clamd to
>> recognize a message targeted for it, and the obvious problems of DoS
>> attacks (someone sending spoofed messages that would suck CPU time
>> decoding the gpg signature).
>
> yes, that's an unfortunate problem with this idea, however, if you used, as I
> stated, a special address that uses program delivery, you'd have to hack the
> listserver to get everyone's 'subscription' address to be able to do this.

Instead of having this piggyback on email, I was thinking more along the line of a separate protocol just *modeled* after email. Separate port, separate server daemon for it...maybe it would lessen the chances of your updates getting filtered by spam filters and/or targeted for probes and overflow attacks in the process.


That way it isn't hacking the MTAs out there to do work that isn't meant or related to them...never liked the idea of bending programs backwards to tack on added functionality. Seems to be another vector for bug creep :-)


>> [I haven't given up on DNS updates yet, but it's hard to come up with a
>> clean way to distribute >256 bytes of data that way, which means even
>> single rules don't always fit.]
>
> I wouldn't distribute the rule in DNS, however, a timestamp of sorts in dns
> isn't a bad idea.

While DNS is an interesting idea, I'm worried more about what kind of bugs and glitches this is going to uncover in the process (or what kind of attacks would be crafted should this idea catch on). Let's say the idea does become popular, and clam and other programs out there start taking advantage of it...I don't know about all of you, but I didn't set up a DNS server on a system meant for constant hits from other sources querying it; it's just a little system that can handle the load of a small network and that's pretty much it :-) And what about systems that restrict querying to certain IPs? If a service starts getting abused, that tends to be when (clueful) admins start taking steps to lock things down; many places with NTP servers, for example, will host a "public" site until too many people start hitting it, and if it starts to become a burden, the time server suddenly disappears. :-(


-Bart



_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
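
The DoS concern raised in this thread (spoofed messages burning CPU on signature checks), as an added example that is not from any poster here and is not ClamAV code: a receiver that runs cheap checks, including the sequence number, before the expensive verification and caps verifications per time window. Assumptions: the `seq|rule|mac` message format, the `Receiver` class, `MAX_LEN` and `VERIFY_BUDGET` are hypothetical, and an HMAC stands in for the GPG signature so the block runs offline.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # constructed; stand-in for the publisher's key
MAX_LEN = 4096                  # assumed cap on one update message
VERIFY_BUDGET = 3               # assumed max signature checks per window


def sign(seq: int, rule: bytes) -> bytes:
    """Publisher side: build 'seq|rule|mac' (HMAC stands in for GPG)."""
    body = b"%d|%s" % (seq, rule)
    return body + b"|" + hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()


class Receiver:
    def __init__(self) -> None:
        self.current_seq = 0
        self.verifications = 0   # expensive operations spent this window
        self.rules = []

    def new_window(self) -> None:
        """Called by a timer in a real daemon; resets the CPU budget."""
        self.verifications = 0

    def handle(self, msg: bytes) -> str:
        # Cheap checks first: none of these touch the signature.
        if len(msg) > MAX_LEN:
            return "drop:too-large"
        parts = msg.rsplit(b"|", 1)          # [seq|rule, mac]
        head = parts[0].split(b"|", 1)       # [seq, rule]
        if len(parts) != 2 or len(head) != 2 or not head[0].isdigit():
            return "drop:malformed"
        seq = int(head[0])
        if seq <= self.current_seq:
            return "drop:stale"              # replay or old update, no CPU spent
        # The sequence number is still unauthenticated here, so a forger can
        # always claim a fresh one; the budget bounds what that costs us.
        if self.verifications >= VERIFY_BUDGET:
            return "drop:budget"
        self.verifications += 1              # expensive step starts here
        want = hmac.new(KEY, parts[0], hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(want, parts[1]):
            return "drop:bad-signature"
        # State changes only after the signature is verified.
        self.current_seq = seq
        self.rules.append(head[1])
        return "accept"
```

The budget trades availability for CPU: a flood of forgeries can delay a genuine update until the next window, but cannot advance `current_seq` or install a rule.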
