Roger Taranto a écrit :
If it didn't tie up sockets on our machines, it seems like instead of rejecting the mail, we should just hold on to the mail connection for as long as possible. It wouldn't take too long to tie up all of their outbound connections and back up their mail server. Unfortunately, it punishes our mail servers, too. :(
one way for that would be to "pass the descriptor" to a light process that will only keep them connected. for example setting the tcp window to zero. now, this would only be safe if you modify the tcp stack to do that without keeping too much infos.
On the other hand, they have so much bandwidth/power available via zombies that this seems like playing a self-dos game.
