Dirk Meyer wrote:
> Peter Saint-Andre wrote:
>> 1. authentication attempts per account
>> 2. authentication attempts per IP address
>> 3. connection attempts per account
>> 4. connection attempts per IP address
>> 5. simultaneous connections per account
>> 6. simultaneous connections per account
>>
>> Currently XEP-0205 says a server could do #1 but the consequences might
>> be a DoS against the legitimate user, so instead it recommends #4 or #6
>> because the spec assumes that the attacker will come from a different IP
>> address than the one used by the legitimate user. But #4 and #6 don't
>> solve the problem that Waqas mentions (a DoS attack launched by someone
>> from your same IP address, e.g. from behind the same NAT).
>
> Most people have a NAT at home. If someone inside my home network is
> running a DoS on my account, I have bigger problems than my XMPP
> account.

Right, that's what I was thinking. :)
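
The trade-off discussed in this thread, as an added example (not part of the original messages and not code from any XMPP server): a sliding-window limiter keyed either per account or per IP address, replayed over constructed attempts for a remote attacker and for one behind the same NAT as the user. The limit, window, JID and addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class AttemptLimiter:
    """Sliding-window counter keyed by an arbitrary value (account or IP)."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.events = defaultdict(deque)

    def allow(self, key, now):
        q = self.events[key]
        while q and now - q[0] >= self.window:   # drop attempts outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def per_account(account, ip):
    return account


def per_ip(account, ip):
    return ip


def scenario(attacker_ip, user_ip, account="juliet@example.com"):
    """Constructed input: 20 attacker attempts, then one legitimate login."""
    attempts = [(t, account, attacker_ip, "attacker") for t in range(20)]
    attempts.append((30, account, user_ip, "user"))
    return attempts


def simulate(key_of, attempts, limit=5, window=60):
    """Replay (time, account, ip, who) tuples; count refusals per actor."""
    limiter = AttemptLimiter(limit, window)
    refused = defaultdict(int)
    for now, account, ip, who in attempts:
        if not limiter.allow(key_of(account, ip), now):
            refused[who] += 1
    return dict(refused)


if __name__ == "__main__":
    remote = scenario("198.51.100.7", "192.0.2.10")   # attacker elsewhere
    same_nat = scenario("192.0.2.10", "192.0.2.10")   # attacker shares the NAT
    for name, attempts in (("remote", remote), ("same NAT", same_nat)):
        print(name, "per-account:", simulate(per_account, attempts))
        print(name, "per-IP:     ", simulate(per_ip, attempts))
```

Per-account keying refuses the legitimate login in both scenarios; per-IP keying spares the user only when the attacker's address differs.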
