spf-discuss

Re: RCPT TO: rejecting

2004-05-26 14:32:46
Seth Goodman wrote:

I am arguing that it is a useless
DDoS mechanism because it is trivial to terminate by refusing any
MAIL FROM:<> connection request.

As trivial as turning off mail altogether; but hardly a realistic solution.
Not accepting null envelope senders will get you listed in RFC-ignorant.

Terminating those connections does
take some resources, but it's not crippling.

You cripple your own mail, as you no longer can receive legitimate DSN
messages. All before you get yourself blacklisted, that is.

This may be annoying
but it won't knock anyone off the net,

It is a certified way of knocking yourself off the net. :)

I don't think CBV's are abusive.

Here is where I agree with you. As well as with the AOL point of view that
there are far more effective ways of doing a DoS than using CBVs. Simply
put, every sort of connection you are allowed to make, and make multiple
times, can be used to create an attack. No need to ditch CBVs for that.

- Mark

        System Administrator Asarian-host.org

---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
