
Re: KINK user-user scenario

Derek Atkins writes:
 > Luckily this won't affect the app-server, necessarily.  Do we throw out
 > any existing SAs in the process?  (I would suggest that the answer is
 > 'no'.)  

   Because of an unauthenticated request? I'd say "heavens no" :-)

 > I would also think that we would need to have some level of
 > request limiting so an attacker can't repeatedly bounce tons of
 > messages off a single app-client.

   Sure... this is true of every protocol which is subject
   to DoS attacks... which is every protocol, I suspect.
   The question I have is whether we need to be explicit
   here, or whether we could just point to a BCP-like
   document which outlines general strategies for
   coping with and/or narrowing DoS opportunities.

 > However you can still get a distributed attack against the KDC,
 > because an attacker can build a single "fake" packet and send it to
 > all the app-clients it can find.  Then all those app-clients will
 > blindly request out to the KDC.

   Yes. This is the thing that really bothers
   me. A single well placed attacker could flood
   its n-B-T ethernet segment with U-U kinds of 
   requests to high fan out gateways and slag an
   entire farm of KDCs. Since it's not coming from a
   point source, it makes it very hard to defend
   as well as trace back.
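An added illustration of the two points above (the per-app-client request limiting Derek asks for, and the fan-out attack where one forged trigger per app-client turns into a request per app-client at the KDC). This is example code written for this archive page, not code from the KINK drafts or from either poster. The model is an assumption: each app-client forwards at most one KDC request per unauthenticated trigger it receives, and puts a token bucket in front of that forwarding step. The attack traffic in simulate() is constructed, not captured.

```python
"""Token-bucket request limiter on the app-client side, plus a small
simulation of the reflected / fan-out DoS against the KDC.

Assumptions (hypothetical, not from the original thread):
  - an app-client issues at most one KDC request per trigger message,
  - the limiter is keyed per app-client: `rate` requests/second, burst `burst`,
  - time is carried in integer milliseconds and tokens in integer
    millitokens so the arithmetic is exact.
"""


class TokenBucket:
    """Classic token bucket: refill at `rate` tokens/s, capped at `burst`."""

    def __init__(self, rate, burst, now_ms=0):
        self.rate = int(rate)            # tokens per second == millitokens per ms
        self.cap = int(burst) * 1000     # capacity in millitokens
        self.tokens = self.cap           # start full
        self.last_ms = int(now_ms)

    def allow(self, now_ms):
        """Return True (and spend one token) if a request may go out now."""
        elapsed = max(0, int(now_ms) - self.last_ms)
        self.last_ms = int(now_ms)
        self.tokens = min(self.cap, self.tokens + elapsed * self.rate)
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


class KDC:
    """Only thing we care about here is how many requests reach it."""

    def __init__(self):
        self.requests = 0


class AppClient:
    """App-client that reacts to an *unauthenticated* trigger by asking the
    KDC for a user-to-user ticket, unless its limiter refuses."""

    def __init__(self, name, rate, burst):
        self.name = name
        self.bucket = TokenBucket(rate, burst)
        self.forwarded = 0
        self.dropped = 0

    def on_trigger(self, now_ms, kdc):
        # The trigger cannot be authenticated (that is the whole problem),
        # so the only defence at this hop is to cap the forwarding rate.
        if self.bucket.allow(now_ms):
            self.forwarded += 1
            kdc.requests += 1
        else:
            self.dropped += 1


def simulate(n_clients, triggers_per_client, duration_ms, rate, burst):
    """Constructed attack: over `duration_ms` the attacker sprays
    `triggers_per_client` forged triggers at each of `n_clients`
    app-clients.  Returns (requests_seen_by_kdc, triggers_sent)."""
    kdc = KDC()
    clients = [AppClient(f"client{i}", rate, burst) for i in range(n_clients)]
    sent = 0
    for i in range(triggers_per_client):
        now_ms = duration_ms * i // triggers_per_client
        for c in clients:
            c.on_trigger(now_ms, kdc)
            sent += 1
    return kdc.requests, sent


if __name__ == "__main__":
    # 100 app-clients, 1000 forged triggers each over 10 s.
    unlimited = simulate(100, 1000, 10_000, rate=1, burst=10**6)
    limited = simulate(100, 1000, 10_000, rate=1, burst=5)
    print("no limiter : KDC saw %d of %d triggers" % unlimited)
    print("1 req/s, burst 5: KDC saw %d of %d triggers" % limited)
```

With the limiter off, every forged trigger becomes a KDC request, so the attacker's cost is one packet per request and the load arrives from a hundred distinct sources. With 1 request/s and a burst of 5 per app-client, each client forwards 5 at once and then one per second, so the KDC sees 14 requests per client for the 10-second window instead of 1000. The limiter does not stop the attack, and it also throttles legitimate users behind a busy client, which is why the thread's question of whether to spell this out in the spec or point at a general DoS BCP is a real design choice rather than a detail.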