From mboxrd@z Thu Jan 1 00:00:00 1970
From: Erik Auerswald
Date: Sun, 23 May 2021 23:42:22 +0200
Subject: Re: [Bloat] Educate colleges on tcp vs udp
Cc: bloat@lists.bufferbloat.net
Message-ID: <1a730631-6cc4-8f5d-fa1a-92f9d71ef606@unix-ag.uni-kl.de>
References: <7FBA3F6F-CBA1-4B19-B48F-10927EDA17A9@gmail.com>
List-Id: General list for discussing Bufferbloat
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-GB
Content-Transfer-Encoding: 8bit

Hi,

On 23.05.21 23:02, Jonathan Morton wrote:
>> On 23 May, 2021, at 9:47 pm, Erik Auerswald wrote:
>>
>> As an additional point to consider when pondering whether to
>> use TCP or UDP:
>>
>> To mitigate that simple request-response protocols using UDP
>> lend themselves to being abused for reflection and amplification…
>
> I suspect such considerations are well beyond the level of education
> requested here.
> I think what was being asked for was "how do these protocols work, and
> why do they work that way, in language suitable for people working in a
> different field", rather than "which one should I use for X application".

Yes, I do think so as well.

Nevertheless, I want to raise awareness of the risks inherent in building
protocols based on UDP.

As an optimist, I do believe that it may be possible that in future fewer
new protocols are created that are useful for amplification attacks, by
often raising awareness of the risks and how to mitigate them.

I would have preferred if the current DDoS attacks using STUN could have
been avoided, by allowing standard-compliant STUN implementations to have
an amplification factor < 1, or at least ≤ 1, and by building response
rate limits into the standard.

(See, e.g., https://mail.jabber.org/pipermail/operators/2021-April/003130.html)

Thanks,
Erik
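The two mitigations named in the message, an amplification factor of at most 1 and response rate limiting, written out as the server-side logic of a toy UDP request/response protocol. This is an added example, not code from the post or from any STUN implementation; the one-byte status framing, MIN_REQUEST and the rate/burst values are constructed for illustration.

```python
"""Server side of a toy UDP request/response protocol with two amplification
mitigations: amplification factor <= 1 and per-source response rate limiting."""
import time
from collections import defaultdict
from dataclasses import dataclass

MIN_REQUEST = 64      # constructed policy: shorter requests get no reply at all
RATE_PER_SEC = 5.0    # constructed policy: token refill rate per source address
BURST = 5             # constructed policy: max replies per source in a burst


@dataclass
class SourceState:
    tokens: float
    last: float = 0.0


class Responder:
    def __init__(self, handler, rate=RATE_PER_SEC, burst=BURST):
        self.handler = handler      # maps request payload -> response payload
        self.rate, self.burst = rate, burst
        self.sources = defaultdict(lambda: SourceState(tokens=burst))

    def _allow(self, src, now):
        """Token bucket per source address (the idea behind DNS RRL)."""
        st = self.sources[src]
        st.tokens = min(self.burst, st.tokens + (now - st.last) * self.rate)
        st.last = now
        if st.tokens < 1:
            return False
        st.tokens -= 1
        return True

    def handle(self, src, request, now=None):
        """Return the datagram to send to src, or None to stay silent."""
        now = time.monotonic() if now is None else now
        # Silence is the safe answer: a dropped request amplifies nothing.
        if len(request) < MIN_REQUEST or not self._allow(src, now):
            return None
        reply = b"\x00" + self.handler(request)          # status 0x00 = OK
        if len(reply) > len(request):
            # Replying would amplify. Send a 3-byte status 0x01 instead, telling
            # the client how large a padded request it must resend; 3 bytes is
            # always <= MIN_REQUEST, so the factor stays <= 1 on this path too.
            return b"\x01" + len(reply).to_bytes(2, "big")
        return reply


def amplification_factor(request, reply):
    """Bytes sent back per byte received; 0 when the server stays silent."""
    return 0.0 if reply is None else len(reply) / len(request)
```

A client that wants a large answer pays for it in request bytes (padding), which is the same trade QUIC makes with its minimum Initial packet size, and a spoofed-source flood at most triggers BURST short replies per second.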