Subject: RE: [saml-dev] SAML 2.0 DOS attacks
> Namely, how can an IdP protect against DOS attacks, by
> restricting allowed authentication requests from certain
> SP's, when an attacker can easily spoof IP addresses? -- i.e.
> is there another way, to limit the set of SP's that can
> initiate user authentication with the IdP?

You could use a local or intermediate packet filter whose policy restricts access to the IdP from trusted IPs. An attacker who spoofs a trusted IP address isn't able to mount the more computationally expensive attacks (e.g. TLS-based ones) because the TCP handshake won't (or shouldn't) complete.

josh.

JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG