Re: [Dovecot] SSL renegotiation vulnerability

2011-11-04 Thread Timo Sirainen
http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html -> "Things get worse" shows that it's easier to DoS the server with multiple connections than with renegotiations, so I don't know if there's much point in disabling renegotiations. Perhaps Dovecot could allow e.g. one renegotiation per

Re: [Dovecot] SSL renegotiation vulnerability

2011-10-27 Thread Robert Schetterer
On 27.10.2011 10:25, Ed W wrote: > On 26/10/2011 10:01, Robert Schetterer wrote: >> the biggest problem I see is that not everybody can use fail2ban on his servers >> by keeping out dummy auth users over NAT (I have such a case) >> >> anyway, firewalls should slow down DDoS attacks, which might cause oth

Re: [Dovecot] SSL renegotiation vulnerability

2011-10-27 Thread Ed W
On 26/10/2011 10:01, Robert Schetterer wrote: > the biggest problem I see is that not everybody can use fail2ban on his servers > by keeping out dummy auth users over NAT (I have such a case) > > anyway, firewalls should slow down DDoS attacks, which might cause other > problems then *g, but for sure not f

Re: [Dovecot] SSL renegotiation vulnerability

2011-10-26 Thread Robert Schetterer
On 26.10.2011 10:43, Steinar Bang wrote: >> Steinar Bang : >> Timo Sirainen : > >>> I don't know if I'm doing something wrong, but I can't even cause a >>> DoS. Even while all imap-login processes are eating 100% CPU (almost >>> 500 handshakes/second), I can successfully log in with anot

Re: [Dovecot] SSL renegotiation vulnerability

2011-10-26 Thread Steinar Bang
> Steinar Bang : > Timo Sirainen : >> I don't know if I'm doing something wrong, but I can't even cause a >> DoS. Even while all imap-login processes are eating 100% CPU (almost >> 500 handshakes/second), I can successfully log in with another client. > Are you using the tool linked to in

Re: [Dovecot] SSL renegotiation vulnerability

2011-10-26 Thread Steinar Bang
> Timo Sirainen : > I don't know if I'm doing something wrong, but I can't even cause a > DoS. Even while all imap-login processes are eating 100% CPU (almost > 500 handshakes/second), I can successfully log in with another client. Are you using the tool linked to in the article, to stress th

Re: [Dovecot] SSL renegotiation vulnerability (Was: dovecot evaluation on a 30 gb mailbox)

2011-10-25 Thread Timo Sirainen
On 25.10.2011, at 21.51, Timo Sirainen wrote: > On 25.10.2011, at 21.13, Timo Sirainen wrote: > >>> Could the reason he hasn't found such a setting be that SSL renegotiate >>> isn't supported at all in dovecot...? >> >> Looking at the OpenSSL code, I don't see any way to disable it. Or possibly

Re: [Dovecot] SSL renegotiation vulnerability (Was: dovecot evaluation on a 30 gb mailbox)

2011-10-25 Thread Timo Sirainen
On 25.10.2011, at 21.13, Timo Sirainen wrote: >> Could the reason he hasn't found such a setting be that SSL renegotiate >> isn't supported at all in dovecot...? > > Looking at the OpenSSL code, I don't see any way to disable it. Or possibly > with some undocumented kludgy way, but I don't reall

Re: [Dovecot] SSL renegotiation vulnerability (Was: dovecot evaluation on a 30 gb mailbox)

2011-10-25 Thread Timo Sirainen
On 25.10.2011, at 14.38, Steinar Bang wrote: >> Timo Sirainen : > >> Yes, SSL handshakes are extra. Although SSL supports some kind of >> quick renegotiation too, Dovecot doesn't support that yet. No >> one's ever requested it.. Looks like it's not "renegotiation" but more like session

[Dovecot] SSL renegotiation vulnerability (Was: dovecot evaluation on a 30 gb mailbox)

2011-10-25 Thread Steinar Bang
> Timo Sirainen : > Yes, SSL handshakes are extra. Although SSL supports some kind of > quick renegotiation too, Dovecot doesn't support that yet. No > one's ever requested it.. Hum... this article (in Norwegian) http://www.digi.no/881186/skrekkverktoy-slaar-ut-%ABsikre%BB-servere addres