[Tails-dev] Endless Data Attack and Defense

Esta mensaxe é parte do seguinte fío:
MÁrbore completa do fío ordenada por data
M\ 
MMintrigeri o ->
Borrar esta mensaxe

Responder a esta mensaxe
Autor: adrelanos
Data:  
Para: The Tails public development discussion list
Asunto: [Tails-dev] Endless Data Attack and Defense
Hi!

I've been reading the Thandy design.

> Endless data attacks. An attacker responds to a file download request
with an endless stream of data, causing harm to clients (e.g. a disk
partition filling up or memory exhaustion).

Affected:
- tails_htp
- Tails security check perhaps?
- wherever else where you are using a scripted download (didn't check
more throughly than a fast grep for curl)

We're in luck. A fix doesn't appear to be that complicated. Curl
supports --max-time.

Adding a timeout between, well, 120 and 300 seconds?

Whatever a good timeout value would be, it's probable best not the hard
code let's say for example 120 seconds.

I think it may be best to add a random extra delay between maybe 0 and
300 seconds seconds so the attacker doesn't know for sure if Tor, the
wifi, the network broke down or if the user was using --max-time.

What do you think?

Cheers!
adrelanos

Esta mensaxe foi enviada ás seguintes listas:
tails-dev
Información da lista | Mensaxes recentes		<-Re: [Tails-dev] Shutdown button in camouflage modeRe: [Tails-dev] Endless Data Attack and Defense->
lists.autistici.org administrado por postmasterLurker (versión 2.3)