On 05.10.2011 21:56, Mike Wacker wrote:
On 10/4/2011 11:15 AM, Alexander Holler wrote:
If the server never times out a room that is created but not configured
and unlocked, then an easy DOS vector is to flood the server with room
creation requests but never configure any of the rooms. Since these
unconfigured rooms never time out, these creation requests will
eventually starve the server of resources. Throttling won't work here,
as it will slow but not stop the eventual starvation.

Two mitigations would be to either time out unconfigured rooms or put a
cap on the number of unconfigured rooms a single user can create. You
could also have a max cap of total rooms for all users, but that also
has DOS implications because even if malicious users can't DOS the
server, they can DOS other users trying to create rooms if they can hit
the server cap.

What's the difference between unconfigured and configured rooms?

It's as easy to DOS a server with configured rooms as with
unconfigured rooms and it will cost a malicious client almost nothing
to configure a room along with the creation.

Regards,

Alexander
Good call, Alexander, my initial line of inquiry began with the question
of what if a malicious client intentionally did not configure the room,
but configuring the room does not make the problem go away.

In fact, configured rooms present additional complications. If a user
sends an occasional message to each room after it's unlocked, this would
also, with little cost to the hacker, prevent the server from timing
out and destroying the room due to inactivity.

The solution is simple: a (service global) limit for ownerships in rooms.


Regards,

Alexander
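
A sketch of the per-user ownership limit proposed above, as an added example that is not part of the original thread or of any server's code. The class `MucService`, the helper `simulate_creations`, the cap of 3 and the JIDs are hypothetical; JID handling is simplified to stripping the resource.

```python
from collections import defaultdict

class OwnershipLimitExceeded(Exception):
    pass

class MucService:
    """Toy room registry with a service-wide cap on rooms owned per bare JID."""
    def __init__(self, max_owned_per_user=3):    # cap value is an assumption
        self.max_owned = max_owned_per_user
        self.owners = {}                         # room name -> set of owner bare JIDs
        self.owned_count = defaultdict(int)      # bare JID -> number of rooms owned

    @staticmethod
    def bare(jid):
        # Count per account, not per resource, so extra resources add no quota.
        return jid.split("/", 1)[0]

    def _grant(self, room, jid):
        user = self.bare(jid)
        if user in self.owners[room]:
            return
        if self.owned_count[user] >= self.max_owned:
            raise OwnershipLimitExceeded(user)
        self.owners[room].add(user)
        self.owned_count[user] += 1

    def create_room(self, room, creator_jid):
        # Configured or not, active or idle: the room counts against its owner.
        if room in self.owners:
            raise ValueError("room exists")
        self.owners[room] = set()
        try:
            self._grant(room, creator_jid)
        except OwnershipLimitExceeded:
            del self.owners[room]                # rejected request leaves no state
            raise

    def add_owner(self, room, jid):
        self._grant(room, jid)                   # granted ownership counts too

    def destroy_room(self, room):
        for user in self.owners.pop(room):
            self.owned_count[user] -= 1          # quota is returned on destruction

def simulate_creations(service, jid, attempts):
    """Replay repeated creation requests from one JID; return how many succeeded."""
    created = 0
    for i in range(attempts):
        try:
            service.create_room(f"room{i}-{jid}", jid)
            created += 1
        except OwnershipLimitExceeded:
            pass
    return created
```

Because the count depends only on ownership, keep-alive messages to a room do not change it, and one account reaching its cap does not stop other accounts from creating rooms.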
