Ralf Hildebrandt:
> * Ansgar Wiechers <li...@planetcobalt.net>:
>
> > The issue with this attack is that it might exhaust CPU resources on the
> > server without having to saturate the bandwidth, due to cryptographic
> > operations required by SSL.
>
> Correct.
>
> > And that it seems to use BitTorrent as a multiplicator, so it doesn't
> > require a botnet.
>
> It brings it's own botnet :)
And thus, Postfix's botnet defenses kick in. With port 25 and 587,
the session won't even get to the TLS handhake. Postfix will go
into "stress mode" and hang up after the first SMTP error. Just
pray that there is a newline character somewhere in the client TLS
HELLO packet.
Wietse
