[Noisebridge-discuss] 2169 door
Jonathan Lassoff
jof at thejof.com
Mon Oct 26 18:50:41 UTC 2009
Excerpts from Josh Myer's message of Mon Oct 26 02:14:12 -0700 2009:
> I must reiterate my concern from earlier: this opens up 2169 to a new DoS
> (Denial of Silence) attack. I also heard rumblings of allowing anyone's
> speakers to be used to play said jingle, which opens us up to a DDoS
> (Distributed Denial of Silence) attack. We may want to implement something
> like Nagle's algorithm to minimize the number of jingles which are played
> for a single user-at-gate event, as well as an exponential backoff in time
> in which the gate open command is allowed to be utilized.
True, someone could repeatedly request the gate be opened through that
page or call the script it calls.
Then again, someone could just as easily log into the netbooted machines
and run "beep" repeatedly, or the mpd on the greeter machine, or the mpd
on zebra....
Suddenly this problem isn't so new.
Though rate limiting rapid-fire requests might not be such a bad idea,
it just hasn't presented itself as a problem yet.
--j
More information about the Noisebridge-discuss
mailing list