[Standards] LAST CALL: XEP-0205 (Best Practices to Discourage Denial of Service Attacks)

Dirk Meyer dmeyer at tzi.de
Tue Jan 13 20:04:03 UTC 2009

Peter Saint-Andre wrote:
> 1. authentication attempts per account
> 2. authentication attempts per IP address
> 3. connection attempts per account
> 4. connection attempts per IP address
> 5. simultaneous connections per account
> 6. simultaneous connections per account
> Currently XEP-0205 says a server could do #1 but the consequences might
> be a DoS against the legitimate user, so instead it recommends #4 or #6
> because the spec assumes that the attacker will come from a different IP
> address than the one used by the legitimate user. But #4 and #6 don't
> solve the problem that Waqas mentions (a DoS attack launched by someone
> from your same IP address, e.g. from behind the same NAT).

Most people have a NAT at home. If someone inside my home network is
running a DoS on my account, I have bigger problems than my XMPP
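The trade-off the list above describes (per-account limits lock out the legitimate user; per-IP limits only help when the attacker sits on a different address) can be shown with a small simulation. This is an added example and not code from the thread or from XEP-0205: the sliding-window limiter, the account name "alice", the RFC 5737 documentation addresses and the attempt counts are all constructed for illustration.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Count events per key inside a sliding time window and deny
    an event once the window already holds `limit` events for that key.
    Hypothetical limiter written for this example; it counts attempts,
    it does not care whether an attempt succeeded."""

    def __init__(self, limit, window_seconds):
        self.limit = limit
        self.window = window_seconds
        self._events = defaultdict(deque)

    def allow(self, key, now):
        q = self._events[key]
        # Drop events that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def simulate(keyfn, attempts, limit=5, window=60.0):
    """Feed (time, account, ip, actor) tuples through one limiter whose
    key is chosen by keyfn(account, ip); return actor -> list of decisions."""
    lim = SlidingWindowLimiter(limit, window)
    decisions = defaultdict(list)
    for t, account, ip, actor in attempts:
        decisions[actor].append(lim.allow(keyfn(account, ip), t))
    return dict(decisions)


# Keying strategies from the list above: #1/#3 style (per account)
# and #2/#4 style (per IP address).
per_account = lambda account, ip: ("account", account)
per_ip = lambda account, ip: ("ip", ip)

# Constructed sample addresses (RFC 5737 documentation ranges).
HOME_IP = "203.0.113.10"      # the legitimate user's NAT address
REMOTE_IP = "198.51.100.7"    # an attacker elsewhere on the Internet


def build_attempts(attacker_ip, n_attack=20):
    """Constructed scenario: the attacker hammers 'alice' once per second,
    then alice herself tries once from her home address."""
    attempts = [(float(i), "alice", attacker_ip, "attacker")
                for i in range(n_attack)]
    attempts.append((float(n_attack), "alice", HOME_IP, "alice"))
    return attempts


def legit_user_outcome(attacker_ip):
    """Return (allowed under per-account limit, allowed under per-IP limit)
    for alice's own attempt after the attack burst."""
    attempts = build_attempts(attacker_ip)
    acct = simulate(per_account, attempts)
    ip = simulate(per_ip, attempts)
    return acct["alice"][-1], ip["alice"][-1]


if __name__ == "__main__":
    print("attacker on another IP:", legit_user_outcome(REMOTE_IP))
    print("attacker behind same NAT:", legit_user_outcome(HOME_IP))
```

With the attacker on a different address the per-IP limit leaves alice untouched while the per-account limit locks her out; once the attacker shares her NAT address both strategies lock her out, which is exactly the case the reply is discussing. The limiter here is a plain attempt counter; a real server would also want to count only failed authentications and to prefer delays over hard lockouts.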
