On 4 Jul 2004, at 20:37, Devin Carraway wrote:
On Sun, Jul 04, 2004 at 07:40:51PM +0100, Mark Powell wrote:
Had some dialup joker today, opening 45 smtp connections and doing
nothing on them, but a NOOP every 30s. Four hours later they were all
still there, until I killed them and blocked the IP.
Can we have the possibility of a noop handler, so a plugin could
prevent
this?
Hm. While we might as well have a no-op hook, the attacker could have
staged the same sort of attack with a gradual cycle of mail/rcpt/rset
commands. A better countermeasure for this one would be a per-client
max-connections limit. Won't do much against a zombie attack, but it'd
deal with this sort.
http://linux.voyager.hr/ucspi-tcp/tcpserver-limits-2004-03-27.diff
Matt.
