[jdev] Re: Re: s2s - invalid subsequent db:result
Gaston Dombiak
gaston at jivesoftware.com
Mon May 23 13:43:54 CDT 2005
Hey Jacek,
I'm not sure if this could result in a DoS attack since the conversation
will only take place between the authenticated servers. Unless somehow
somebody can break the security of the Originating Server and send something
over the socket connection. :(
Regards,
-- Gato
"Jacek Konieczny" <jajcus at bnet.pl> wrote in message
news:20050520080612.GE30379 at serwis2.beta...
> On Fri, May 20, 2005 at 07:11:57AM +0200, Stephen Marquard wrote:
>> Gaston Dombiak wrote:
>> >Which is the expected behavior when the subsequent <db:result/> packet
>> >is
>> >invalid or there was some kind of error during the validation process?
>> >Should the Receiving Server close the stream and the underlying TCP
>> >connection as described in Protocol 8.3 step 10?
>>
>> That was my interpretation for jabberd2 - any validation error on the
>> stream at any stage causes the stream & TCP connection to be closed.
>>
>> It should only happen if something is misconfigured on either side or
>> someone is trying to spoof a connection.
>
> Doesn't that allow a remote DoS agains any established s2s connection?
>
> Greets,
> Jacek
More information about the JDev
mailing list