Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DNSdir nit: DNS server indirect DOS attack #62

Open
oej opened this issue Aug 7, 2024 · 1 comment
Open

DNSdir nit: DNS server indirect DOS attack #62

oej opened this issue Aug 7, 2024 · 1 comment
Labels
wontfix This will not be worked on

Comments

@oej
Copy link
Member

oej commented Aug 7, 2024

If an authoritative resolver were configured to respond quite slowly
(think slow loris [XXXrefereceXXX]), is it possible to cause a DoS on
the TLS server via complete exhaustion of TCP connections?

Nit: I'd say this is tangential. There are many ways of attempting DoS, with
risks increasing for public servers and/or resolvers. I fail to see why single
out this one particular attack approach in this RFC. (BTW, what's
"authoritative resolver" anyway?)

https://datatracker.ietf.org/doc/review-ietf-dance-architecture-06-dnsdir-early-cunat-2024-07-19/
@oej
Copy link
Member Author

oej commented Aug 8, 2024

I do not see any need for action on this.

@mcr mcr added the wontfix This will not be worked on label Aug 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@oej @mcr