On Thu, 17 Nov 2005, mouss wrote:
Roger Taranto a écrit :
If it didn't tie up sockets on our machines, it seems like instead of
rejecting the mail, we should just hold on to the mail connection for as
long as possible. It wouldn't take too long to tie up all of their
outbound connections and back up their mail server. Unfortunately, it
punishes our mail servers, too. :(
one way for that would be to "pass the descriptor" to a light process that
will only keep them connected. for example setting the tcp window to zero.
now, this would only be safe if you modify the tcp stack to do that without
keeping too much infos.
On the other hand, they have so much bandwidth/power available via zombies
that this seems like playing a self-dos game.
Could this approach be effective if the number of such connections
were limited to a manageable number at any individual site, but it
was implemented by a great number of admins?
--
Theodore (Ted) Heise <[EMAIL PROTECTED]> Bloomington, IN, USA
