Zooko O'Whielacronx: > Programmers who use UDP almost always implement some subset > of TCP's features, such as retrying, ordering, fragmentation, > congestion avoidance, etc..
Experience here shows that actually most programmers who use UDP implement approximately none of the above. See, for instance, RTP for VoIP... Doesn't even have congestion avoidance, which it really should. >This code they write to > implement these features is likely to contain bugs, and is by > definition network facing and handling data sent by unknown agents. Same with any TCP-using protocol. See the recent "Cseq field has > 24 bytes" buffer overflow of a popular SIP stack for instance, or all the way back to the first "fingerd" bugs and sendmail bugs (exploited by the Morris worm, even). Matthew Kaufman [EMAIL PROTECTED] http://www.amicima.com _______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
