[Webkit-unassigned] [Bug 213143] New: Add artificial delay to WebSocket connections to mitigate port scanning attacks

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jun 12 13:18:23 PDT 2020 

https://bugs.webkit.org/show_bug.cgi?id=213143

            Bug ID: 213143
           Summary: Add artificial delay to WebSocket connections to
                    mitigate port scanning attacks
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: katherine_cheney at apple.com

WebSocket connections can potentially be used to determine if specific ports are open using timing attacks. We should make this more difficult by adding some sort of delay or noise to the reporting of WebSocket state.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200612/e62a5b11/attachment.htm>

More information about the webkit-unassigned mailing list