[DeleGate-En] Re: Antwort: Re: [DeleGate-En:3553] delegate security flaw [Virus checked]
In message <_A3549@delegate-en.ML_> on 10/18/06(21:25:24)
you firstname.lastname@example.org wrote:
|even with stls this is not the case ! the permission is denied after an
|initial relay has been made to an arbitrary server.
|therefore the delegate master process still is vulnerable to ddos ! :-(
If SSL is failed with STLS=fcl, MASTER DeleGate (with SERVER=delegate)
cannot know any of client's request including the desitination server,
so it cannot connect to anywhere. I think so.
9 9 Yutaka Sato <email@example.com> http://delegate.org/y.sato/
( ~ ) National Institute of Advanced Industrial Science and Technology
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller