On Tue, Dec 20, 2022 at 05:48:08PM +0100, Lukas Tribus <lukas@ltri.eu> wrote a message of 60 lines which said:
- where have those security concerns been previously discussed?
Several times on this list. This is a recurring discussion, for many years.
Are you suggesting that people deploy ATLAS probes in security sensitive inside parts of corporate networks?
I believe that the concerns were more about the security of the server than the security of the probe. Nobody wants Atlas to be used as a botnet against unsuspecting HTTP servers.
And those security concerns affect only GENERIC-HTTP not other currently available measurements like DNS?
For a typical DNS server, the "cost" does not depend on the request (at least for authoritative DNS servers). On the contrary, for HTTP, the cost can vary immensely from a static favicon.ico to a request involving many SQL statements.
we are talking about small HTTP HEAD and GET requests here.
The GET can be small but incurring a huge cost for the server.