Open ShadowJonathan opened 2 years ago
Hmmm, actually, there may be a problem with this behaviour, as alert messages required an encryption context, and receiving and processing this effectively could allow for DoS attacks, similarly to a MITM agent sending a RST to either party.
This is exasperated by the fact that UDP can allow very easy source address spoofing, I'll notify the authors of this proposal of this problem.
As a reason for this library's creation is to support ruma/lb, one other goal is to be marginally compatible with matrix-org/lb, which is a reference implementation of the "MSC", which contains the following bit in the proposal text;
While one problem with this section is that, if this was taken at "face value", this would allow a DoS attack, I'd like to also add in the additional functionality;
Allow an optional configuration setting in the server listener, which will respond to unrecognised DTLS packets with CloseNotify, and only every X amount of times for connections in a timeout.
This would mitigate DoS amplification attacks, while eventually edging off existing DTLS connections after such a server restart.
Of course, the default behaviour would be to drop these packets, this is an opt-in behaviour.