[AFS3-std] rxgk-afs: moving SetCallBackKey to a separate document?

Chaskiel Grundman cg2v@andrew.cmu.edu
Sat, 2 Mar 2013 04:34:19 +0000


> Unprotected callback channels also permit Denial of Service attacks
> against the cache manager because any IP address can send the cache
> manager RPCs that invalidate the contents of the cache.

The rxgk callback protection described in the document does not prevent that. In particular:

>   Only RPCs issued over an rxgk protected connection should receive
>   rxgk protected callbacks

And in any event, why can't the attacker just send RXAFSCB_InitCallbackState3 and invalidate the cache that way? There is no way to require that call be protected (think fileserver restart where the state save/load didn't work).

I also find this notion that callback revocations could be used in an amplification attack silly. The CM is not going to respond to every RXAFSCB_CallBack() with RXAFS_FetchStatus(). It will only do that the next time that afs vnode is touched by a client