P.S. Another attack we're seen in the field a couple of times is the
"send one byte every few seconds and keep lots of connections open" one.
In fact if our experience is representative (I have no idea if it is or
not) this is actually more of a concern.
That I can believe. The infamous Ron Guilmette had an amazing tarpit MTA
about a decade ago that used that technique to keep 4000 simultaneous
connections open, running on a 486. But since the rise of botnets,
tarpitting lost whatever effectiveness it might have had, so I don't know
of anyone still doing it.
John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY
"I dropped the toothpaste", said Tom, crestfallenly.