[Users] Sometime t_really() func seem to be endless

Henning Westerholt henning.westerholt at 1und1.de
Thu May 24 16:39:45 CEST 2007


On Thursday, 24 May 2007, you wrote:
> >> I agree it confuses a bit (maybe because of the lack of docs), but on the
> >> other hand it is useful as it spares a lot of resources without any deep
> >> knowledge from the user. Anyhow, what security issues do you see here?
> >
> > Haven't looked deeper into the code, but if somebody spoofs some 503 packets
> > to the server (easy with UDP), then he could easily disable all outbound
> > destinations.
>
> Well...I think this is not something specific to blacklists, but to all
> features/functionalities (like faking byes/replies to close or prevent
> dialogs, etc )  :)

Sure, you're right. But inherent security issues from the protocol are more
understandable and manageable than the automagic disabling of
connections.

It is, in my opinion, not the right thing to simply disable connections for
several minutes after one problem occurred, especially in a production
environment.

The documentation in the wiki talks only about DNS-based blacklisting.
Do '503s' now also cause a blacklist entry? Then the documentation should be
updated. :-)

-- 
Henning



