Re: Abort data transfer?

2009-10-21 14:25:39

John R Levine writes:
This doesn't deal with the case where the data never stops.

In all the years I've been running mail servers, I don't ever recall seeing a sender that never stopped. How often have you seen one?

Once. A Windows box in the UAE, if I remember correctly. It connected, sent MAIL FROM and RCPT TO, got a 50x, disconnected, and tried again five minutes later. When I noticed it, it had been doing so for as long as I had logs, probably 99 weeks.

No, I meant where the data in a single DATA connection never stops, since that is the alleged problem that this argument is about.

Oh, sorry. I think of all these attack variations as interchangeable since the attacker can change the attack so easily.

If, as I suspect, it has never happened in the entire history of the Internet, why in the world is anyone wasting time worrying about it?

It has been discussed several times; I even remember a flamewar. The outcomes, AFAICR, always tended towards "if resource (ram/disk/cpu) usage is the problem, resource usage is the thing to watch" or "use setrlimit". That is, who cares whether the problem is long RCPT lines, many of them, long BODY, many concurrent connections tying up resources just below your administrative limit, or some x*y*z combination: just watch for unacceptable resource usage.

The scenario you describe is rare enough and has little enough impact that you could deal with it by hand.

Yes. I wish I had more problems that go harmlessly unnoticed for a year or more.


