On Tue, Mar 28, 2006 at 03:54:26PM +0200, Bruce Campbell wrote:
> On Mon, 27 Mar 2006, Robert B Quattlebaum, Jr. wrote:
>
> >Perhaps, but it needs to be clarified that such a limit must be
> >implemented in a very specific way. Current implementations of "max stanza
> >size" will likely not prevent this attack from being successful because it
> >is imposed after the stanza is parsed. This attack is targeted at the
> >streaming XML parser.
> >
> >Such a limiting mechanism should be implemented at the transport level,
> >not at the session or presentation layers as currently implemented in most
> >XMPP servers.
>
> Yes.
>
> Another measure that should be added to such a JEP is a maximum time value
> for any stanza to be received. This would provide against attacks which
> consist of a slow stream of '<iq>baa(sleep)baa(sleep)black(sleep)sheep'
> etc, and distributed versions of this (many connections doing this, tying
> up both TCP handles and depending on how the parser is implemented,
> eventually having an interesting memory allocation pattern.)
Y'all feel free to start writing this document. ;-)

Some of this may belong in the security considerations section of rfc3920bis.

Peter

--
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml
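A transport-level gate of the kind the thread asks for, as an added example that is not code from the thread or from any XMPP server: it budgets raw bytes and elapsed seconds per top-level stanza and refuses input before expat sees it, so neither an oversized stanza nor a slowly dripped one reaches the parser. `StanzaGate`, `accepts` and the limits used are assumed names and values.

```python
import time
import xml.parsers.expat


class StreamLimitExceeded(Exception):
    """A stanza exceeded its byte or time budget; the caller should close the TCP connection."""


class StanzaGate:
    """Hypothetical guard placed between the socket and a streaming XML parser.

    Budgets are per top-level stanza: raw bytes received and seconds elapsed since
    the stanza's first non-whitespace byte. Both are checked BEFORE the bytes are
    handed to expat. The stream header shares the first stanza's window, and
    accounting is at chunk granularity (a chunk spanning two stanzas is charged
    to the first).
    """

    def __init__(self, max_bytes, max_seconds, clock=time.monotonic):
        self.max_bytes, self.max_seconds, self.clock = max_bytes, max_seconds, clock
        self.depth = 0              # 1 = inside <stream:stream>, 2 = inside a stanza
        self.pending_bytes = 0      # raw bytes since the last completed stanza
        self.started = None         # clock reading when the pending stanza began
        self.completed = 0          # stanzas received in full
        self.parser = xml.parsers.expat.ParserCreate()
        self.parser.StartElementHandler = lambda name, attrs: self._enter()
        self.parser.EndElementHandler = lambda name: self._leave()

    def _enter(self):
        self.depth += 1

    def _leave(self):
        self.depth -= 1
        if self.depth == 1:         # a top-level stanza just closed: reset its budget
            self.completed += 1
            self.pending_bytes, self.started = 0, None

    def check_deadline(self, now=None):
        """Also call this from a periodic timer: a stalled stream never triggers feed()."""
        now = self.clock() if now is None else now
        if self.started is not None and now - self.started > self.max_seconds:
            raise StreamLimitExceeded("stanza not completed within %ss" % self.max_seconds)

    def feed(self, chunk, now=None):
        """Account for one raw TCP chunk, then parse it only if both budgets hold."""
        now = self.clock() if now is None else now
        if self.started is None:
            if not chunk.strip():   # whitespace keepalive between stanzas: free, no clock
                self.parser.Parse(chunk, False)
                return
            self.started = now
        self.check_deadline(now)
        if self.pending_bytes + len(chunk) > self.max_bytes:
            raise StreamLimitExceeded("stanza exceeds %d bytes" % self.max_bytes)
        self.pending_bytes += len(chunk)
        self.parser.Parse(chunk, False)


def accepts(gate, chunk, now):
    """True if the gate passes the chunk to the parser, False if it rejects it."""
    try:
        gate.feed(chunk, now=now)
        return True
    except StreamLimitExceeded:
        return False
```

The deadline check must also run from a timer, since a client that simply stops sending never calls `feed()` again.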
