[unisog] IPS

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed Feb 9 20:12:46 GMT 2005


On Wed, 09 Feb 2005 13:25:30 CST, Ken Connelly said:
> Hunt,Keith A wrote:

> >I have been wondering about the implications of dropping an SMTP session
> >like this. Could you expound on why you think this is not a good idea?
> >  
> >
> Because if it's a bona fide server, the remote end will just start the 
> SMTP session over again in 30 or 60 (or more) minutes.

Even more importantly, there are bona fide servers out there running broken
software that *fails* to wait the RFC-suggested 30-to-60, and retries right
away.  So you suddenly get literally thousands of connections an hour as the
other end does the fail/retry over and over.  LSoft's LSMTP product is one
product that has had lots of issues in this area.
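
A way to spot the retry behaviour described in the message above from connection logs, added here as an example that is not part of the original post. The log format ("timestamp peer outcome"), the function names and the threshold of 20 are assumptions made for this sketch, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MIN_RETRY = timedelta(minutes=30)   # lower end of the 30-to-60 minute wait cited above
STORM_THRESHOLD = 20                # fast retries per peer before flagging (assumed value)

def parse_line(line):
    """Return (timestamp, peer, outcome), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        return datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S"), parts[1], parts[2]
    except ValueError:
        return None

def find_retry_storms(lines, min_retry=MIN_RETRY, threshold=STORM_THRESHOLD):
    """Count connections that arrive sooner than min_retry after the same
    peer's previous dropped session; return {peer: count} for noisy peers."""
    last_drop = {}
    fast = defaultdict(int)
    for ts, peer, outcome in sorted(filter(None, map(parse_line, lines))):
        prev = last_drop.get(peer)
        if prev is not None and ts - prev < min_retry:
            fast[peer] += 1
        if outcome == "dropped":
            last_drop[peer] = ts
        else:
            last_drop.pop(peer, None)   # delivery succeeded, so the retry chain ends
    return {peer: n for peer, n in fast.items() if n >= threshold}

def build_sample():
    """Constructed log: one peer waits 30 minutes, one retries every 5 seconds."""
    start = datetime(2005, 2, 9, 13, 0, 0)
    lines = ["garbage line to be skipped"]
    for i in range(4):      # well-behaved MTA
        lines.append(f"{(start + timedelta(minutes=30 * i)).isoformat()} 192.0.2.10 dropped")
    for i in range(120):    # broken MTA that retries right away
        lines.append(f"{(start + timedelta(seconds=5 * i)).isoformat()} 198.51.100.7 dropped")
    return lines

if __name__ == "__main__":
    for peer, n in find_retry_storms(build_sample()).items():
        print(f"{peer}: {n} fast retries after dropped sessions")
```

A peer flagged this way is a candidate for an exemption from the session-dropping rule or for a proper SMTP-level rejection, since dropping it again only feeds the loop.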
