From: gah@ugcs.caltech.edu   
      
   Jorgen Grahn  wrote:   
   (snip, I wrote)   
      
   >> Some UDP protocols are picky, but most aren't.   
   (snip of TCP quad)   
      
   >> Many UDP protcols/implementations will accept anything coming   
   >> into the appropriate port.   
      
   > I can imagine that applying to DNS and maybe old-fashioned NFS, but do   
   > any /relevant/ protocols do that?  Let's say those that aren't (cannot   
   > be) stateless?   
      
   To be more specific, the client makes a request to a server, and   
   then waits for a reply.  In the ones I have worked with, the client   
   doesn't verify the source port on the reply.   
      
   As NFS/UDP is SunRPC based, I suppose that would support my claim,   
   though NFS uses a fixed port number, unlike most RPC based systems.   
      
   > I suppose a protocol could include a session identifier in every   
   > message, but why do that when the source address (before Skybuck's   
   > change) provides exactly that, for free?   
      
   As for skybuck, I would expect the routers on the reverse path   
   to put the original address back, in the same way that NAT   
   normally does.   
      
   > It also seems like an open invitation to DoS attacks.   
      
   Well, 10 years ago that wasn't so much of a problem.   
      
   With clients on ephemeral ports, though, it takes a lot of   
   packets for a DoS attack.  Not so hard for NFS.  I am not   
   so sure what NFS/UDP does with a properly formatted reply   
   to a request that it didn't send.   
      
   -- glen   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)