On Fri, Feb 7, 2014 at 8:54 AM, Mathieu Pasquet <[email protected]> wrote:
> That is why I find
> it quite unfair to behave as if the server admins weren't having a
> problem with the rogue activity.

Nobody is doing this. The servers in question aren't blocked as punishment, they're blocked to protect the jabber.org service.

> Ultimately, the best thing would first be to have better rate-limiting
> tools. It is no silver bullet, but being able to rate-limit outgoing
> connections individually and globally would be a great improvement over
> what there is today (and mod_limits in prosody is a start in this
> direction).

Part of the problem with these attacks is that they're distributed across a number of servers (actually a fairly small number for the current attack, it seems, I've seen much larger distribution (maybe more servers have protection against rogue registrations now)), so rate limiting at the single outgoing connection might help, but doesn't really address the issue, as far as I can tell.

Also worth noting is that rate limiting incoming S2S is harmful to the server that is trying to send the data (it then has to queue the data or drop them on the floor), which is a large part of why these DDoS attacks work.

/K
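
Added illustration, not part of the original message and not code from any XMPP server: a small token-bucket model of the two effects discussed above, a per-connection outgoing limit applied independently on several source servers, and an incoming limit at the target. All rates, the server count and the traffic pattern are constructed for the example.

```python
class Bucket:
    """Integer token bucket: time in ms, tokens in 1/1000 of a stanza."""

    def __init__(self, rate, burst):
        self.rate = rate                # stanzas per second (= milli-tokens per ms)
        self.cap = burst * 1000         # capacity; the bucket starts full
        self.tokens = self.cap
        self.last_ms = 0

    def allow(self, now_ms):
        # Refill for the elapsed time, then try to spend one stanza's worth.
        refill = (now_ms - self.last_ms) * self.rate
        self.tokens = min(self.cap, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens < 1000:
            return False
        self.tokens -= 1000
        return True


def simulate(servers, out_rate=5, in_rate=None, seconds=10, step_ms=10):
    """Each source server offers one stanza per step to the same target.

    Every source enforces its own outgoing per-connection limit (out_rate).
    If in_rate is set, the target also limits incoming S2S as a whole.
    Returns (arrived, accepted, refused) as seen at the target; `refused`
    is what the sending servers are left to queue or drop.
    """
    outgoing = [Bucket(out_rate, out_rate) for _ in range(servers)]
    incoming = Bucket(in_rate, in_rate) if in_rate else None
    arrived = accepted = 0
    for now in range(0, seconds * 1000, step_ms):
        for bucket in outgoing:
            if not bucket.allow(now):   # held back at the source server
                continue
            arrived += 1
            if incoming is None or incoming.allow(now):
                accepted += 1
    return arrived, accepted, arrived - accepted


if __name__ == "__main__":
    for n in (1, 20):
        print(n, "server(s), outgoing limit only:", simulate(n))
    print("20 servers, target also limits incoming:", simulate(20, in_rate=10))
```

In this model the load reaching the target grows linearly with the number of source servers even though each one honours its own outgoing limit, and an incoming limit at the target turns the excess into backlog on the sending side.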
