[aprssig] APRS-XO proposal
Joel Maslak jmaslak-aprs at antelope.net
Thu Jan 10 19:24:04 UTC 2008
On Jan 10, 2008, at 12:15 PM, Scott Miller wrote:

> It's equally easy to flood via TCP. You can provide exactly the
> same protection measures via UDP. As for firewalls blocking UDP -
> I'd say that's a very broad generalization. If you want to get
> through firewalls, then UDP is probably your best bet -
> specifically in the form of DNS queries that could be used to post
> (and to query) position data. You could do that from all but the
> most heavily firewalled networks.

One big problem with UDP vs. TCP - source address spoofing. Yes, there are still tons of networks out there that will forward packets from bogus source addresses. TCP solves the problem if the server is reasonably up to date on patches, by using difficult to guess sequence numbers as part of the three-way handshake. UDP doesn't do such a thing.

For reference, I am involved with network security for a government organization with over 1500 networks and 500 sites (involved -> designed the security architecture).

The problem once things get spoofed...the packets point back to someone who didn't do it, but to an untrained eye, it sure looks like they did. And it's next to impossible to trace.

(True, TCP is still vulnerable to BGP spoofing attacks, but it's a lot harder to attack the router infrastructure than an open network that allows spoofed UDP)
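
The difference described in the message above, as an added example that is not part of the original post: a simplified in-memory model in which the handshake reply is delivered to the claimed source address, so only a host that really sits at that address can echo the server's unpredictable number. The class names, the documentation-range addresses and the single 32-bit value standing in for the TCP initial sequence number are all assumptions made for illustration.

```python
import secrets

class Network:
    """Constructed in-memory network: a reply goes to the *claimed* source address."""
    def __init__(self):
        self.inbox = {}  # address -> messages delivered to that address

    def deliver(self, addr, msg):
        self.inbox.setdefault(addr, []).append(msg)

class UdpStyleServer:
    """Takes one datagram and trusts whatever source address it carries."""
    def __init__(self):
        self.log = []

    def datagram(self, claimed_src, payload):
        self.log.append((claimed_src, payload))

class TcpStyleServer:
    """Accepts data only after the peer echoes an unpredictable 32-bit number."""
    def __init__(self, net, rng=secrets.randbits):
        self.net, self.rng, self.pending, self.log = net, rng, {}, []

    def syn(self, claimed_src):
        isn = self.rng(32)
        self.pending[claimed_src] = isn
        self.net.deliver(claimed_src, ("SYN-ACK", isn))  # sent to the claimed address

    def ack_with_data(self, claimed_src, ack, payload):
        isn = self.pending.pop(claimed_src, None)
        if isn is None or ack != (isn + 1) % 2**32:
            return False  # peer never saw the SYN-ACK: drop
        self.log.append((claimed_src, payload))
        return True

def run_demo():
    net = Network()
    udp, tcp = UdpStyleServer(), TcpStyleServer(net)
    other, real = "192.0.2.10", "198.51.100.7"  # documentation addresses (assumed)
    # Forged source, UDP style: the report is logged against 192.0.2.10.
    udp.datagram(other, "position report")
    # Forged source, handshake: the SYN-ACK goes to 192.0.2.10, so the sender guesses.
    tcp.syn(other)
    blind = tcp.ack_with_data(other, secrets.randbits(32), "position report")
    # Genuine sender: it receives the SYN-ACK at its own address and echoes it.
    tcp.syn(real)
    _, isn = net.inbox[real][-1]
    legit = tcp.ack_with_data(real, (isn + 1) % 2**32, "position report")
    return {"udp_log": udp.log, "tcp_log": tcp.log, "blind": blind, "legit": legit}

if __name__ == "__main__":
    print(run_demo())
```

In the UDP-style log the report is attributed to an address that never sent it, while the handshake log contains only the sender that proved it could receive traffic at its claimed address.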
