Couldn't you just compile sendmail with tcp_wrapper support, and have a script parsing your logs so that if someone manages to get n # of pokes at your system then their IP address and/or DNS server will be placed in the hosts.deny? Then as an admin you remove those that need to be removed after the problem user has been properly slapped, or you could possibly run an automatic removal after k # of hours (or days). I think some of our good programmers out there could easily write up something that will help prevent these users from even getting to sendmail and causing it to fork or anything. Anything I am missing here?

Scott

On Tue, 9 Mar 1999 Valdis.Kletnieksat_private wrote:

> On Tue, 09 Mar 1999 09:36:04 PST, you said:
> > Perhaps someone with better sendmail experience could come up with an idea
> > to automatically disconnect connections that are issuing more than 25 VRFY
> > statements at a time?
>
> Wrong solution. They'll just reconnect and try another 25. All you've bought
> then is an extra fork() of the sendmail daemon every 25 pokes. Remember,
> these people don't give a s**t if they waste your resources...
>
> Maybe what's needed is a new ioctl on a socket, so you can do this:
>
>     if (vrfy_cnt > 25) {
>         ioctl(net_socket, SO_NOSENDFIN);
>         close(net_socket);
>     }
>
> so you can free up the socket at YOUR end, and intentionally fail to
> send the FIN packet, so the OTHER end gets to wait for a timeout.
>
> Yes, yes, yes, I *KNOW* it's Evil and Against The RFCs. But it's tempting. ;)
>
> --
> Valdis Kletnieks
> Computer Systems Senior Engineer
> Virginia Tech
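Scott's proposal above (count VRFY pokes per client in the logs, drop the offender into hosts.deny, and expire the entry after k hours), written out as an added example. This is not code from the thread; it assumes sendmail is built with tcp_wrappers support and honours /etc/hosts.deny, and that the client address appears in the log line in square brackets the way sendmail's "relay=name [addr]" entries do. The VRFY log lines are constructed and the regex that matches them is an assumption: the exact wording depends on the sendmail version and LogLevel, so adapt it to what your own logs show. The "autoban" tag comment and the 25/4-hour defaults are this example's own conventions.

```python
"""Log-driven tcp_wrappers banning for sendmail VRFY probing.

Added example; not code from the thread. Assumes sendmail is built with
tcp_wrappers and consults /etc/hosts.deny. The log format below is
constructed and VRFY_RE is an assumption to adapt to real sendmail logs.
"""
import re
from collections import Counter

# Constructed sample log: one host issues 30 VRFYs, another only 3, plus
# one ordinary delivery line that must not be counted.
SAMPLE_LOG = "\n".join(
    [f"Mar  9 10:{i // 60:02d}:{i % 60:02d} mx sendmail[1201]: KAA01201: "
     f"VRFY user{i} from probe.example.net [192.0.2.10]" for i in range(30)]
    + [f"Mar  9 10:05:0{i} mx sendmail[1300]: KAA01300: "
       f"VRFY user{i} from ok.example.org [198.51.100.7]" for i in range(3)]
    + ["Mar  9 10:06:00 mx sendmail[1301]: KAA01301: from=<a@example.org>, "
       "size=120, relay=ok.example.org [198.51.100.7]"]
)

# Assumed VRFY line shape: "... sendmail[pid]: QUEUEID: VRFY addr from name [ip]"
VRFY_RE = re.compile(
    r"sendmail\[\d+\]: \S+: VRFY \S+ from \S+ \[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Tag comment this script writes above each rule it adds, so it can expire them.
BAN_TAG_RE = re.compile(r"^# autoban ip=(\S+) added=(\d+)$")


def count_vrfy(log_text):
    """Count VRFY commands per client IP across the log text."""
    counts = Counter()
    for line in log_text.splitlines():
        m = VRFY_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def offenders(counts, threshold=25):
    """IPs that reached the threshold (the 'n # of pokes' in the post)."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def update_hosts_deny(current, new_ips, now, ttl_seconds, daemon="sendmail"):
    """Return the new hosts.deny text.

    Each automatic ban is a tag comment followed by a tcp_wrappers rule:
        # autoban ip=192.0.2.10 added=1000000
        sendmail : 192.0.2.10
    Bans older than ttl_seconds are dropped (the 'automatic removal after
    k # of hours'); hand-written lines are preserved untouched.
    """
    kept = []
    active = {}  # ip -> epoch seconds when the ban was added
    lines = current.splitlines()
    i = 0
    while i < len(lines):
        m = BAN_TAG_RE.match(lines[i])
        if m and i + 1 < len(lines):
            ip, added = m.group(1), int(m.group(2))
            if now - added < ttl_seconds:
                active[ip] = added           # still inside its k hours
            i += 2                           # consume tag and rule together
            continue
        kept.append(lines[i])
        i += 1
    for ip in new_ips:
        active.setdefault(ip, now)           # re-scanned old lines do not reset the clock
    out = list(kept)
    for ip in sorted(active):
        out.append(f"# autoban ip={ip} added={active[ip]}")
        out.append(f"{daemon} : {ip}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    import time
    bad = offenders(count_vrfy(SAMPLE_LOG), threshold=25)
    print(update_hosts_deny("ALL : 203.0.113.0/24\n", bad, int(time.time()), 4 * 3600))
```

Run it from cron against the current log file, feeding the existing /etc/hosts.deny to update_hosts_deny and writing the result back atomically (write to a temp file, then rename). The rule is written as `daemon : client` so only sendmail is refused; the "and/or DNS server" part of the proposal is deliberately left out, since a reverse-DNS name can be spoofed by whoever controls the attacker's PTR zone and blocking on it would let them pick what you block.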
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:31 PDT