[standards-jig] Discussion on JEP-0016: Server-Based Privacy Rules

mlin at mlin.net
Sun Jan 20 03:33:31 UTC 2002


ten 100K packets that you are trying to block is a denial of service 
attack. any halfway competent attacker will make up a new username. yikes 
indeed.

will think about whitelists more carefully tomorrow.

-m.






"Peter Millard" <me at pgmillard.com>
Sent by: standards-jig-admin at jabber.org
01/19/2003 09:34 PM
Please respond to standards-jig

 
        To:     <standards-jig at jabber.org>
        cc: 
        Subject:        Re: [standards-jig] Discussion on JEP-0016: Server-Based Privacy Rules

mflin wrote:

> If you go back and read the earlier messages, x-virge and I both point out
> that the blacklist is trivial to circumvent. Make up a new username or
> cycle the DHCP on your local server, and you have a new JID to play with.
> In this sense, the feature is just a virtualization and it is irrelevant
> whether it is performed on the client or the server. The bandwidth
> argument fails because the blacklist can be circumvented so easily either
> way.

I would totally agree that a simple blacklist mechanism can easily be
circumvented, but a whitelist cannot. However, if I block some loser kid
who is sending me msgs, or a spammer, they are unlikely to get a new account
just because they are getting bounced messages from me.

Perhaps you don't realize the full extent of the bandwidth issue because
you're not working with super thin clients. Imagine someone I blocked
sending me ten 100K packets to my pager, or my cell phone. YIKES!

Peter M.

