
Re: Opiated file systems



On 18 Jul 96 18:49:04 -0800, [email protected] wrote:

>The problem I ran into firsthand with archive sites is that they tend to
>turn into porn or pirated software servers.  One could then have the
>software delete after a download.  Anyway, one is always open to a denial
>of service attack where someone just throws chunks of /dev/random at you.

>If someone has any ideas on how to slow down attacks like this, please
>E-mail me.  It would be nice to have an offsite storage place, but without
>the necessity of giving a bunch of personal info (as with McAfee's
>WebStor).

A) Only accept files with valid PGP signatures from accepted keys - this
is one area where PGP's command-line interface is a plus - just write a
batch script. Demand that a separate file be sent first, signed by a
certain key. This file would contain valid filenames for the rest of the
session. If a non-listed file is sent, kill the session.  This could all
be automated with a simple program. You could probably even use SSLs and
similar to do it on a website if you could swill the PGP bit - maybe a
plugin?

B) Bounce trash back.

// Chris Adams <[email protected]> - Webpages for sale! Se habla JavaScript!
// Automatically receive my resume or PGPKEY by sending email with a subject
// of 'send PGPKEY' or 'send resume'. Capitalization counts so be careful!
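
Added example (not part of the original post): the session gate from option A, written in Python. It assumes GnuPG is installed as `gpg`, that the manifest lists one filename per line, and that the signature is detached; the fingerprint in ACCEPTED_KEYS is a constructed placeholder and the function and class names are illustrative.

```python
import subprocess

# Constructed placeholder fingerprint; replace with the keys you accept.
ACCEPTED_KEYS = {"0123456789ABCDEF0123456789ABCDEF01234567"}

def gpg_signer(data_path, sig_path):
    """Fingerprint of the key behind a valid detached signature, else None."""
    out = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", sig_path, data_path],
        capture_output=True, text=True).stdout
    for line in out.splitlines():
        parts = line.split()
        if parts[:2] == ["[GNUPG:]", "VALIDSIG"] and len(parts) > 2:
            return parts[2]
    return None

def plain_name(name):
    """True for a bare filename: no path separators, no '.' or '..'."""
    return name not in ("", ".", "..") and not any(c in name for c in "/\\\0")

class UploadSession:
    """Accepts only the files named in a manifest signed by an accepted key."""

    def __init__(self, manifest_text, signer_fpr, accepted=ACCEPTED_KEYS):
        if signer_fpr not in accepted:
            raise PermissionError("manifest not signed by an accepted key")
        names = (line.strip() for line in manifest_text.splitlines())
        self.pending = {n for n in names if plain_name(n)}
        self.alive = True

    def offer(self, filename):
        """Return True if the file may be stored; otherwise kill the session."""
        if self.alive and filename in self.pending:
            self.pending.discard(filename)   # each listed name is accepted once
            return True
        self.alive = False                   # non-listed file: session is over
        return False

def open_session(manifest_path, sig_path):
    """Verify the manifest with gpg, then build the session from its contents."""
    fpr = gpg_signer(manifest_path, sig_path)
    with open(manifest_path, encoding="utf-8") as fh:
        return UploadSession(fh.read(), fpr)
```

The per-file signature check that option A also asks for can reuse gpg_signer on each upload before it is stored.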