Peter Saint-Andre wrote: > 1. authentication attempts per account > 2. authentication attempts per IP address > 3. connection attempts per account > 4. connection attempts per IP address > 5. simultaneous connections per account > 6. simultaneous connections per account > > Currently XEP-0205 says a server could do #1 but the consequences might > be a DoS against the legitimate user, so instead it recommends #4 or #6 > because the spec assumes that the attacker will come from a different IP > address than the one used by the legitimate user. But #4 and #6 don't > solve the problem that Waqas mentions (a DoS attack launched by someone > from your same IP address, e.g. from behind the same NAT).
Must people have a NAT at home. If someone inside my home network is running a DoS on my account, I have bigger problems than my XMPP account. Dirk -- A Life? Cool! Where can I download one of those from?
