Henning Westerholt wrote:
On Donnerstag, 24. Mai 2007, you wrote:
To warm-up an old discussion about this feature:
i think this should be really disabled by default, because of user confusion and possible security issues.
I agree it confuses a bit (maybe because of the lack of docs), but other other hand it is useful as it spears a lot of resources without any deep knowledge from the user. Anyhow, what security issues do you see here?
Haven't look deeper into the code, but if somebody spoof some 503 packets to the server (easy with UDP), then he could easily disable all outbound destinations.
Well...I think this not something specific to blacklists, but to all features/functionalities (like faking byes/replies to close or prevent dialogs, etc ) :)
Regards, Bogdan