On Wed, 24 Sep 2003, Toad wrote:

> On Mon, Sep 22, 2003 at 03:02:42PM -0700, Ian Clarke wrote:
> > On Mon, Sep 22, 2003 at 10:41:04PM +0100, Toad wrote:
> > > From time to time, reimplementing TCP, or using UDP, has been suggested
> > > for Freenet. I will now show that Freenet's future security requires it.
> > > An attacker who can observe the traffic to and from a node, and who can
> > > introduce a tiny amount of traffic, can close any TCP connection between
> > > the node and the rest of the network, with virtually no effort, and
> > > perhaps using spoofed packets. Thus, the ability to surveil a Freenet
> > > node and spoof a tiny number of packets equates to the ability to
> > > destroy the node in question.
> > > 
> > > Why is this crazytalk?
> > 
> > Firstly, a DoS attack on a known Freenet node is always going to be
> > possible because a DoS attack on any given IP address, irrespective of
> > what services it is running, is within the capability of the average 12
> > year old script kiddie. 
> 
> Wrong. Total bullshit. A 12 year old kiddie can DoS an address IF HE HAS
> OR CAN ACQUIRE MORE BANDWIDTH THAN THE TARGET. Otherwise the internet
> would have been completely destroyed aeons ago.

You mean there AREN'T legions of trojaned zombie machines out there right
this minute listening for (spoofed) command packets?  Man, and here I
thought that DDoS was something to worry about.

Hint: The average script kiddy has access to about 2-5mbit/sec of
bandwidth to thwack you with.   At least freenet isn't IRC.  If it
were, you'd be seeing users/servers blasted a few times a day.
Apparently a 5meg DDoS is how you say "this is my channel now".

The only useful observation is that your average script kiddy cares more
about who badmouthed him on AIM than about going after critical internet
infrastructure.  Most attacks end because the attacker ends them, not
because they were "thwarted" by the "internet police".

--Dan

_______________________________________________
Devl mailing list
[EMAIL PROTECTED]
http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
