[noise] DoS *is* a problem

Trevor Perrin trevp at trevp.net
Thu Nov 19 11:55:14 PST 2015


On Thu, Nov 19, 2015 at 3:54 AM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> On Thu, Nov 19, 2015 at 7:40 AM, Trevor Perrin <trevp at trevp.net> wrote:
>> On Wed, Nov 18, 2015 at 7:20 PM, Jason A. Donenfeld <Jason at zx2c4.com> wrote:
>>> Welp, I've implemented some hash token bucket situation, which is a
>>> decent practical solution.
>
> I take that back. My token bucket is totally worthless, since my
> protocol runs over UDP, where source IPs can be spoofed anyway.

Look at the cookie approach used in DTLS or IPsec if you want UDP DoS
protection.

This isn't something generic enough to put in Noise, IMO.

Trevor
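
Added example, not part of the original message and not code from Noise, DTLS or IPsec: a stateless cookie exchange in the style of the DTLS HelloVerifyRequest, showing why it holds up against spoofed UDP sources where a per-IP token bucket does not. The class and function names, the 16-byte cookie length and the sample addresses are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

COOKIE_LEN = 16  # truncated HMAC-SHA256 tag; length is an assumption of this sketch


class CookieIssuer:
    """Stateless return-routability cookie: MAC(secret, source address, hello)."""

    def __init__(self):
        self.current = os.urandom(32)
        self.previous = None

    def rotate(self):
        # Call periodically. Cookies minted under the old secret stay valid
        # for one more period, so in-flight handshakes are not broken.
        self.previous, self.current = self.current, os.urandom(32)

    @staticmethod
    def _mac(secret, addr, client_hello):
        ip, port = addr
        msg = b"|".join([ip.encode(), str(port).encode(),
                         hashlib.sha256(client_hello).digest()])
        return hmac.new(secret, msg, hashlib.sha256).digest()[:COOKIE_LEN]

    def issue(self, addr, client_hello):
        return self._mac(self.current, addr, client_hello)

    def verify(self, addr, client_hello, cookie):
        for secret in (self.current, self.previous):
            if secret is None:
                continue
            expected = self._mac(secret, addr, client_hello)
            if hmac.compare_digest(expected, cookie):  # constant-time compare
                return True
        return False


def handle_first_packet(issuer, addr, client_hello, cookie=None):
    """Return ('retry', cookie) with no per-peer state kept, or ('proceed', None)."""
    if cookie is not None and issuer.verify(addr, client_hello, cookie):
        # The sender echoed a cookie that was delivered to addr, so it can
        # receive traffic there; only now is expensive key agreement started.
        return ("proceed", None)
    return ("retry", issuer.issue(addr, client_hello))
```

The responder stores nothing until a valid cookie comes back, so a sender forging source addresses costs it one MAC and one small reply per packet; the retry reply should be no larger than the request so that it cannot be used for amplification.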

