On Mon, 6 Oct 2003, Peter Galbavy wrote: > Erm, I can see a huge DoS hole waiting to happen to any protocol that > doesn't in turn implement some sort of authentication of the server. The > more protocols you allow to do this, the more potential for DoS of important > (possibly) client information.
Uhm, you are also aware that if the attacker can spoof the kiss-o'-death packets; the same attacker could spoof all sorts of other packets including the time protocol packets to change the clock on your computer.
