Limit retransmission of closing packet #1905
Labels
-transport
design
An issue that affects the design of the protocol; resolution requires consensus.
has-consensus
An issue that the Chairs have determined has consensus, by canvassing the mailing list.
Comments
martinthomson
added
design
martinthomson
added a commit
that referenced
this issue
Oct 25, 2018
A minor point, and we might not even regret this, but it's not worth risking it. Closes #1905.
mnot
added
the
has-consensus
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@mikkelfj observes that we permit rate limiting of connection close frames, but they might be used to create an amplification attack if the closing endpoint is naive in its handling. The fix is easy - the endpoint needs to remember a validated address for its peer along with the closing packet. Packets from other remote addresses need to be dropped or only responded to if the size of the incoming packet is > 1/3 of the closing packet. In most cases, this won't change anything.
The text was updated successfully, but these errors were encountered: