What's the difference between listening on port 80 or other port? Can you explain more on this one? Thanks.
On 7/21/07, Mark Webb <[EMAIL PROTECTED]> wrote:
What about a scenario where port 80 is open on the firewall, and a malicious person is attempting a DDoS on the server listening on port 80? I do not think all (maybe not any) firewalls can protect against that. On 7/20/07, mat <[EMAIL PROTECTED]> wrote: > > Now I wonder whether ConnectionThrottleFilter could be done in most > Firewall? > > On 7/13/07, Mark <[EMAIL PROTECTED]> wrote: > > > > I like that idea. I also agree with Mat and a firewall *should* handle > > the > > blacklisting, but defense-in-depth is something I strongly believe in. > > > > On 7/11/07, Trustin Lee <[EMAIL PROTECTED]> wrote: > > > > > > On 7/12/07, Mark <[EMAIL PROTECTED]> wrote: > > > > Not sure I agree. > > > > > > > > Blacklisting a host is analogous to a firewall operation in that the > > > > administrator of a MINA-based application would determine which > hosts > > > can > > > > connect to the application. The ConnectionThrottleFilter is > designed > > to > > > > block host connections when they try and connect to quickly, like in > > the > > > > case of a denial-of-service attack. > > > > > > > > I could understand combining code via a shared parent class. There > > was > > > talk > > > > of even extending the ConnectionThrottleFilter further by keeping a > > host > > > in > > > > the 'block' list for a configurable amount of time. > > > > > > I think what differs is a policy. If the policy is pre-programmed or > > > permanant, it's what BlacklistFilter does. Otherwise, it's what > > > ConnectionThrottlefilter is supposed do. Probably we could create > > > some generic filter that user can specify a certain policy. For > > > example: > > > > > > ConnectionThrottlePolicy p = ...; > > > ConnectionThrottleFilter f = new ConnectionThrottleFilter(p); > > > > > > Trustin > > > -- > > > what we call human nature is actually human habit > > > -- > > > http://gleamynode.net/ > > > -- > > > PGP Key ID: 0x0255ECA6 > > > > > > > > > > > -- > > ..Cheers > > Mark > > > -- ..Cheers Mark
