When implementing IP-based blacklisting, it would be foolish to rely on unvalidated remote addresses: an attacker could easily prevent a legitimate client from connecting by just spoofing the source address.
The `ClientHelloInfo` should contain a field `AddressVerified`, and a blacklisting implementation would then only act on verified addresses. The number of unvalidated handshakes is limited by `MaxUnvalidatesHandshakes`, so this doesn’t pose an attack vector.
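A sketch of the blocklist behaviour the issue asks for, as an added example that is not code from the issue or from the library. `HelloInfo`, `Blocklist`, `NewBlocklist` and `Peer` are hypothetical names, and modelling the remote address as a `netip.AddrPort` is an assumption made to keep the example self-contained.

```go
package main

import (
	"fmt"
	"net/netip"
	"sync"
)

// HelloInfo is a hypothetical stand-in for ClientHelloInfo plus the proposed field.
type HelloInfo struct {
	RemoteAddr      netip.AddrPort
	AddressVerified bool
}

// Blocklist blocks an IP once it has `limit` strikes from validated handshakes.
type Blocklist struct {
	mu      sync.Mutex
	strikes map[netip.Addr]int
	limit   int
}

func NewBlocklist(limit int) *Blocklist { return &Blocklist{strikes: map[netip.Addr]int{}, limit: limit} }

// Peer builds a constructed sample address such as "192.0.2.10:4433".
func Peer(s string) netip.AddrPort { return netip.MustParseAddrPort(s) }

// Strike records misbehaviour; an unverified source may be spoofed, so it is ignored.
func (b *Blocklist) Strike(h HelloInfo) {
	if !h.AddressVerified {
		return
	}
	b.mu.Lock()
	defer b.mu.Unlock()
	b.strikes[h.RemoteAddr.Addr()]++
}

// Allow acts only on verified addresses; the server's own cap bounds the rest.
func (b *Blocklist) Allow(h HelloInfo) bool {
	b.mu.Lock()
	defer b.mu.Unlock()
	return !h.AddressVerified || b.strikes[h.RemoteAddr.Addr()] < b.limit
}

func main() {
	bl, victim := NewBlocklist(2), Peer("192.0.2.10:4433")
	for i := 0; i < 100; i++ { // constructed: spoofed hellos, never validated
		bl.Strike(HelloInfo{victim, false})
	}
	fmt.Println("victim allowed:", bl.Allow(HelloInfo{victim, true}))
}
```

Strikes are keyed on the IP without the port, so a blocked peer stays blocked when it changes source port, while handshakes that have not been address-validated never add to or trigger the block.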