aiocoap icon indicating copy to clipboard operation
aiocoap copied to clipboard
verified publisher icon chrysn

Follow multicast amplification mitigation guidance

Open chrysn opened this issue 5 years ago • 1 comments

Currently, aiocoap answers to way too many requests sent over multicast (even pings, which is not addressed separately as a GET / has the same effect). The default options for multicast should be turned down (making it more opt-in).

See https://tools.ietf.org/html/rfc7252#section-11.3

chrysn avatar Mar 24 '20 11:03 chrysn

Maybe the default could be "only accept no-response multicast"... this would prevent any amplification attack.

HRogge avatar Mar 25 '20 07:03 HRogge