[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [ietf-irnss Home]
Subject: Re: DoS attack ?
--On Friday, 07 December, 2001 02:35 +0900 YangWoo Ko
<newcat@spsoft.co.kr> wrote:
> On Thu, Dec 06, 2001 at 12:15:01PM -0500, John C Klensin wrote:
>> A search in that search layer can specify values for any
>> combination of facets that the searcher, or search-vendor,
>> finds appropriate. Leaving one out is equivalent to "match
>> anything that happens to be there".
>
> Dear John Klensin,
>
> What will happen if I send a query with {null, null, ...}
> tuple ? Can I download the whole database ? It looks like a
> very easy DoS attack.
I thought I had explained this in the "dns search" document, but
I think that any sensible search system vendor would prohibit
that case, presumably by returning an "are you crazy?" error
message. It might even be sensible to require that at least a
name-string be present as a protocol matter (I think "dns
search" suggests that). With or without such a protocol
restriction, I'd expect search system vendors to be able to
protect themselves against both DOS attacks and excessive data
mining by recognizing over-broad searches and prohibiting them.
Note that, in principle, one could accomplish a "return the
whole internet" query by
{ {name-string "foo" ReallyBigNumber }
} ReallyBigNumber }
So just requiring that the name-string facet be present doesn't
help much if one permits arbitrarily-great distance between the
query string and strings in the database.
( In that notation, your (null, null, null,...) search on a
single database would be
{ { } 0 }
.)
john
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [ietf-irnss Home]
Powered by eList eXpress LLC