On Sun, Jul 04, 2004 at 07:40:51PM +0100, Mark Powell wrote: > Had some dialup joker today, opening 45 smtp connections and doing > nothing on them, but a NOOP every 30s. Four hours later they were all > still there, until I killed them and blocked the IP. > Can we have the possibility of a noop handler, so a plugin could prevent > this?
Hm. While we might as well have a no-op hook, the attacker could have staged the same sort of attack with a gradual cycle of mail/rcpt/rset commands. A better countermeasure for this one would be a per-client max-connections limit. Won't do much against a zombie attack, but it'd deal with this sort. -- Devin \ aqua(at)devin.com, 1024D/E9ABFCD2; http://www.devin.com Carraway \ IRC: Requiem GCS/CC/L s-:--- !a !tv C++++$ ULB+++$ O+@ P L+++
