[NNTP] STREAMING diffs (take 2)
Ken Murchison
ken at oceana.com
Mon Jun 13 13:07:05 PDT 2005
Ken Murchison wrote:
> "A malicious client could use the STREAMING extension to launch a denial
> of service attack on a server. For instance, a client could cause the
> server to indefinitely defer offers of articles from its peers by
> issuing CHECK commands with specific message-ids and never sending the
> corresponding articles, or it could use a flood of TAKETHIS commands
> with unwanted articles to consume excessive bandwidth.
I might add this to the end of the first paragraph:
"Note that the vulnerability of a server to such attacks is dependent
upon its implementation."
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
More information about the ietf-nntp
mailing list