a long time ago, someone found out you could flood IRC networks using
HTTP clients (browsers):
https://www.theregister.com/2010/01/30/firefox_interprotocol_attack/
we do not immediately find any RFCs that address this issue. browsers
mitigated the issue by blocking certain ports, while IRC networks...
we're not sure what IRC networks did, honestly.
and that is part of the problem. what can protocol authors do to ensure
their protocols are not vulnerable to such attacks? and what can
implementers do about protocols that were never designed with such
attacks in mind? we don't currently have these answers.
if anyone can point us to something, it would be appreciated.
thanks.
--
plural system (tend to say 'we'), it/she/they, it instead of you
--
Witarea mailing list -- [email protected]
To unsubscribe send an email to [email protected]
