> Name: HELO
> Options: None
> Description: Initial greeting used right after connecting.
> Returns: Hello <ip/domain name> <protocol version> [whatever you want]
> Errors: BadHello, # Sent unencrypted, then the server cuts the connection
> TooManyConnections # Then the server cuts the connection

Avoiding replay DoS attacks:

The server should reply to a HELO message with HELLO <serial> <ip>
<proto> [etc], where <serial> is the session's serial number. All
subsequent messages sent by the client should give the serial number as
the first option. If a message with an old serial number is received,
the connection should be dropped.

Weak attempt at node hiding:

The server should not respond to an invalid HELO. It should continue
reading data from the stream for a random number of seconds without
responding, and then drop the connection. This will stop people from
writing sniffers that send four bytes of random data to a port and
listen for a 'BadHello'.

BTW, why does SMTP (and now ENCP) use HELO instead of HELLO?

Michael
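
An added sketch, not part of the original message and not Freenet code, of the two server-side rules proposed above: a per-session serial that every later message must carry, and a silent random-length drain instead of a 'BadHello'. The line-based message layout, the version string, the 1 to 30 second bounds, the PING message name used when exercising it, and the "OK" reply are assumptions made for illustration.

```python
import hmac
import random
import secrets

PROTO = "ENCP/0.1"           # assumed version string
DRAIN_SECONDS = (1.0, 30.0)  # assumed bounds for the silent wait


class Session:
    """Per-connection state for the two rules proposed in the message."""

    def __init__(self, node_addr):
        self.node_addr = node_addr
        self.serial = None    # assigned when a valid HELO arrives
        self.closing = False  # set once we decide to drain or drop
        self._rng = random.SystemRandom()

    def handle(self, line):
        """Return (action, payload): 'reply', 'drain', 'drop' or 'silent'."""
        if self.closing:
            return ("silent", None)  # already draining/dropped: never answer
        parts = line.split()
        if self.serial is None:
            if parts != ["HELO"]:
                # Invalid greeting: send nothing (no BadHello), keep reading
                # for a random time, then close. Payload is that wait.
                self.closing = True
                return ("drain", self._rng.uniform(*DRAIN_SECONDS))
            self.serial = secrets.token_hex(8)  # fresh, unguessable per session
            return ("reply", f"HELLO {self.serial} {self.node_addr} {PROTO}")
        # Later messages: "<NAME> <serial> [options...]" (assumed layout).
        got = parts[1].encode("utf-8", "replace") if len(parts) > 1 else b""
        if not hmac.compare_digest(got, self.serial.encode()):
            self.closing = True
            return ("drop", None)  # serial from another session: replay
        return ("reply", f"OK {parts[0]}")  # placeholder for real dispatch
```

The caller owns the socket: on 'drain' it keeps reading and discarding input for the returned number of seconds before closing, and on 'drop' it closes at once.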