There's more to this story, but here's a situation. Can you tell what they did wrong?
I want to implement a ping-type application, but I'm going to write my own protocol. It is going to go over UDP, obviously, because you can't really ping with TCP, and II want it to be really simple, so here's what I do:
Client -> Server: 0x01
Server -> Client: 0x01
When I send the server a single byte, "1", it responds with the same byte, "1".
There is an attack that can cripple a system like this. Can anybody see it? (if you've heard about this, shh)