Re: [dcdev] adc
Fredrik Tolf
2004-01-23 4:58
Direct Connect developers

Todd Pederzani writes:
> Fredrik Tolf wrote:
> > >I really don't think that was the heart of the matter. The thing was
> >that with unknown broadcasted commands, you could potentially give a
> >command that would force compliant clients to send lots of data to an
> >unrelated IP address, thereby making DDoS attacks easy.
> >  > >
> I'm not sure I follow.  Certainly, you could (if the hub doesn't enforce > proper IPs) send a connection message to clients making them all try to > connect to a remote IP.  Or you could similarly fake an IP in the search > string (causing a bit of udp traffic to the remote IP).  Both are > possible with the current protocol.

That was what I was referring to. And I don't think anyone said that
the current protocol was perfect.

In any case, I don't really know why I even followed up on the DoS
matter. The thing that I really don't agree with about ADC is the fact
that such a command division isn't actually necessary. I believe that
all commands should be clearly defined, and those that are broadcasted
should be specified in such a way that allows for easy future
extension of those commands.

Fredrik Tolf

DC Developers mailinglist