[aprssig] APRS-XO proposal

Joel Maslak jmaslak-aprs at antelope.net
Thu Jan 10 14:24:04 EST 2008


On Jan 10, 2008, at 12:15 PM, Scott Miller wrote:

> It's equally easy to flood via TCP.  You can provide exactly the  
> same protection measures via UDP.  As for firewalls blocking UDP -  
> I'd say that's a very broad generalization.  If you want to get  
> through firewalls, then UDP is probably your best bet -  
> specifically in the form of DNS queries that could be used to post  
> (and to query) position data.  You could do that from all but the  
> most heavily firewalled networks.


One big problem with UDP vs. TCP - source address spoofing.  Yes,  
there are still tons of networks out there that will forward packets  
from bogus source addresses.  TCP solves the problem if the server is  
reasonably up to date on patches, by using difficult to guess  
sequence numbers as part of the three-way handshake.  UDP doesn't do  
such a thing.  For reference, I am involved with network security for  
a government organization with over 1500 networks and 500 sites  
(involved -> designed the security architecture).

The problem once things get spoofed...the packets point back to  
someone who didn't do it, but to an untrained eye, it sure looks like  
they did.  And it's next to impossible to trace.

(True, TCP is still vulnerable to BGP spoofing attacks, but it's a  
lot harder to attack the router infrastructure than an open network  
that allows spoofed UDP)
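
Added example, not part of the original message or of any APRS software: a Python sketch of a stateless address cookie, an application-layer check that gives a UDP service the return-routability property the message attributes to TCP's hard-to-guess sequence numbers. The HELLO/COOKIE/POST framing, the 30-second window and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

SECRET = os.urandom(32)   # server-side key (assumption: rotated periodically)
WINDOW = 30               # seconds a cookie stays valid (assumed value)
COOKIE_LEN = 16

def make_cookie(addr, now, secret=SECRET):
    """Cookie bound to the claimed source address and a coarse time bucket."""
    ip, port = addr
    msg = ip.encode() + struct.pack("!Hq", port, int(now) // WINDOW)
    return hmac.new(secret, msg, hashlib.sha256).digest()[:COOKIE_LEN]

def cookie_ok(addr, cookie, now):
    """Accept the current and the previous time bucket, compared in constant time."""
    return any(hmac.compare_digest(cookie, make_cookie(addr, now - age))
               for age in (0, WINDOW))

def handle_datagram(addr, data, now):
    """Return (action, payload). No per-client state exists before validation."""
    if data.startswith(b"HELLO"):
        # The cookie travels to the claimed address. A sender that forged
        # that address never receives it and cannot compute it without SECRET.
        return "challenge", b"COOKIE" + make_cookie(addr, now)
    if data.startswith(b"POST") and len(data) >= 4 + COOKIE_LEN:
        cookie, body = data[4:4 + COOKIE_LEN], data[4 + COOKIE_LEN:]
        if cookie_ok(addr, cookie, now):
            return "accept", body
    return "drop", b""

if __name__ == "__main__":
    # Constructed sample traffic using documentation address ranges.
    t = 1_000_000
    client = ("192.0.2.10", 40000)
    forged = ("198.51.100.7", 40000)
    _, reply = handle_datagram(client, b"HELLO", t)
    cookie = reply[6:]
    print(handle_datagram(client, b"POST" + cookie + b"pos", t + 5))
    print(handle_datagram(forged, b"POST" + cookie + b"pos", t + 5))
```

The server logs or acts on a datagram only after "accept", so a forged source address never reaches the position data or the logs as if it were a real sender.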



