[NNTP] STREAMING diffs (take 2)

Ken Murchison ken at oceana.com
Mon Jun 13 13:07:05 PDT 2005


Ken Murchison wrote:

> "A malicious client could use the STREAMING extension to launch a denial 
> of service attack on a server.  For instance, a client could cause the 
> server to indefinitely defer offers of articles from its peers by 
> issuing CHECK commands with specific message-ids and never sending the 
> corresponding articles, or it could use a flood of TAKETHIS commands 
> with unwanted articles to consume excessive bandwidth.

I might add this to the end of the first paragraph:

"Note that the vulnerability of a server to such attacks is dependent 
upon its implementation."

-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp



More information about the ietf-nntp mailing list