Todd Pederzani writes:
> Fredrik Tolf wrote:
> >I really don't think that was the heart of the matter. The thing was
> >that with unknown broadcasted commands, you could potentially give a
> >command that would force compliant clients to send lots of data to an
> >unrelated IP address, thereby making DDoS attacks easy.
> I'm not sure I follow. Certainly, you could (if the hub doesn't enforce
> proper IPs) send a connection message to clients making them all try to
> connect to a remote IP. Or you could similarly fake an IP in the search
> string (causing a bit of udp traffic to the remote IP). Both are
> possible with the current protocol.
That was what I was referring to. And I don't think anyone said that
the current protocol was perfect.
In any case, I don't really know why I even followed up on the DoS
matter. The thing that I really don't agree with about ADC is the fact
that such a command division isn't actually necessary. I believe that
all commands should be clearly defined, and those that are broadcasted
should be specified in such a way that allows for easy future
extension of those commands.