Re: Abort data transfer?


David MacQuigg wrote:

100KB seems like a sensible size chunk. No need for a separate processmonitoring the reply channel. No need to wait to make sure there is noREJECT on each chunk. A full handshake is not required. Just don'tignore any REJECTS that are sent.

Unfortunately David, as always, it is the bad guys using legacy SMTPclient software for these DATA attacks could not be restricted by anynew graceful control logic.

The force disconnect (drop) is all we have but that has an implicit451 reply code for the client.

I can only see some form of learning or behavior tracking toselectively use a drop.

For example, if an client shows extended client mode by using a returnpath SIZE= attribute and it exceeds this size in the data transfer,then that might be a trigger for bad behavior tracing.


--
Sincerely

Hector Santos
http://www.santronics.com

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Abort data transfer?, (continued) Re: Abort data transfer?, David MacQuigg RE: Abort data transfer?, Murray S. Kucherawy Re: Abort data transfer?, David MacQuigg Re: Abort data transfer?, Hector Santos RE: Abort data transfer?, Murray S. Kucherawy Re: Abort data transfer?, Dave CROCKER RE: Abort data transfer?, ned+ietf-smtp Re: Abort data transfer?, Paul Smith Re: Abort data transfer?, ned+ietf-smtp Re: Abort data transfer?, David MacQuigg Re: Abort data transfer?, Hector Santos <= Re: Abort data transfer?, Paul Smith Re: Abort data transfer?, John C Klensin Re: Abort data transfer?, ned+ietf-smtp Re: Abort data transfer?, Arnt Gulbrandsen Re: Abort data transfer?, Hector Santos Re: Abort data transfer?, Hector Santos

Previous by Date:	Re: Abort data transfer?, David MacQuigg
Next by Date:	Re: Abort data transfer?, John R Levine
Previous by Thread:	Re: Abort data transfer?, David MacQuigg
Next by Thread:	Re: Abort data transfer?, Paul Smith
Indexes:	[Date] [Thread] [Top] [All Lists]