Re: Preventing Denial of Service Attack In IPC Serialization
 
On Jun 1, 12:34 pm, Lourens Veen <lour...@rainbowdesert.net> wrote:
> Le Chaud Lapin wrote:
> > And to reiterate, I have a secure-mode of operation where this issue
> > is not a problem.
> > The problem is when the link is insecure.  And there are cases where
> > it is a legitimate necessity that the link be insecure.
>
> So, basically you're saying that:
> - You want to avoid unauthorised clients inducing the server to
> allocate lots of resources, which would constitute a DoS attack.
> - You want to let authorised clients induce the server to allocate
> lots of resources without impediment.
> - You can't authenticate clients to differentiate between the two
> cases.
>
> I suggest magic.

This is a most beautiful response. :)  This is *exactly* what I have
been trying to say.

It is evident to me that, with no authentication, you cannot have
your cake and eat it.  What you wrote above is inevitable.

What this means is that any serialization framework, not just mine,
that claims that "you can use it against sockets just as well as
files" is actually being somewhat dishonest.  Again, I am curious to
know how Boost handles serialization of strings.  What happens if I
want to serialize a 10,000-character string over a socket using
Boost's archive method?

Why is this important?

It means that, for all the applications on the Internet that use
unprotected serialization of the kind provided by Boost, etc., they
are all vulnerable to DoS attack.

All one has to do is super-saturate the server with bogus resource
consumption (memory allocation), and linger.

The most important observation, which I keep repeating, is that it
should also be evident that anything beyond a secure (authenticated)
connection won't work.  It will result in quick and massive
degradation of the framework itself.  For example, someone might
propose that the IP address of the server be checked, and if it makes
too many connections within a specified period, limit its memory
allocation.  Or whatever.

It should be obvious that:

1.  You are back to the original problem, which is "How much is too
much?"
2.  There are legitimate cases for multiple connections.

One cannot have his cake and eat it without authentication.

If I were an evil person, I'd go hunting around the Internet finding
servers that use serialization against general-public links and do
naughty things to them. ;)

-Le Chaud Lapin
-- 
      [ See http://www.gotw.ca/resources/clcm.htm for info about ]
      [ comp.lang.c++.moderated.    First time posters: Do this! ]
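
The allocation problem discussed in this post, shown as an added example (not code from the thread or from Boost): a naive reader lets the peer's declared length size the buffer, while a bounded reader applies a cap and allocates in chunks as bytes actually arrive. The wire format (4-byte big-endian length prefix), the function names and the `max_len` and `chunk` parameters are assumptions.

```cpp
#include <algorithm>
#include <cstdint>
#include <sstream>
#include <string>

struct ReadResult {
    bool ok;
    std::string value;
    std::size_t peak_bytes;  // largest buffer size requested for this message
};

// Assumed wire format: 4-byte big-endian length, then that many bytes.
static bool read_len(std::istream& in, std::uint32_t& len) {
    unsigned char b[4];
    if (!in.read(reinterpret_cast<char*>(b), 4)) return false;
    len = (std::uint32_t(b[0]) << 24) | (std::uint32_t(b[1]) << 16) |
          (std::uint32_t(b[2]) << 8) | std::uint32_t(b[3]);
    return true;
}

// Naive reader: the peer's declared length sizes the allocation up front.
ReadResult read_string_naive(std::istream& in) {
    std::uint32_t len = 0;
    if (!read_len(in, len)) return {false, std::string(), 0};
    std::string s(len, '\0');
    in.read(&s[0], len);
    bool ok = static_cast<std::size_t>(in.gcount()) == len;
    return {ok, ok ? s : std::string(), s.size()};
}

// Bounded reader: reject lengths above max_len, then grow the buffer one
// chunk at a time so memory tracks bytes received, not bytes promised.
ReadResult read_string_bounded(std::istream& in, std::size_t max_len,
                               std::size_t chunk = 4096) {
    std::uint32_t len = 0;
    if (!read_len(in, len) || len > max_len) return {false, std::string(), 0};
    std::string s;
    while (s.size() < len) {
        std::size_t old = s.size();
        std::size_t want = std::min<std::size_t>(chunk, len - old);
        s.resize(old + want);
        in.read(&s[old], static_cast<std::streamsize>(want));
        if (static_cast<std::size_t>(in.gcount()) != want)
            return {false, std::string(), s.size()};
    }
    return {true, s, s.size()};
}

// Constructed sample: header claims 16 MiB (0x01000000), no payload follows.
const std::string kLyingFrame("\x01\x00\x00\x00", 4);
```

The cap bounds memory per message only; choosing its value is the "how much is too much?" policy question raised in the post, and it does nothing about connections that linger.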