Subject: Re: smart anti flood tools
From: Wietse Venema (wietseporcupine.org)
Date: Wed Feb 02 2000 - 09:23:45 CST


Bennett Todd:
> 2000-02-02-09:50:37 Wietse Venema:
> > I think the mail flood stopper can be simpler than the
> > pop-before-smtp tool, for the simple reason that it is probably
> > sufficient if the tool only creates blocks; a companion tool would
> > remove blocks on request.
>
> I buy that.
>
> Anybody want to suggest criteria for defining what constitutes a
> mail flood? Once we know what we're looking for, we can try and
> invent an efficient way to spot it.

There's a time window, a message count and perhaps a byte count.
These would be configurable.

For each sender/client maintain a moving average; if the moving
average exceeds some limit the trap shuts. If the moving average
drops below some limit forget it.

So, you need a time window, and an upper and lower limit; in addition
you need a stop list for things that must not be blocked, ever.

        Wietse
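
The scheme described in this message, as an added example that is not part of the original post or of any Postfix code: a per-client trap with a time window, an upper and a lower limit, and a stop list. It assumes an exponentially decayed message count as the moving average, reads "forget it" as discarding the tracking state (the block itself stays until the companion operation removes it), and uses hypothetical names (FloodTrap, record, sweep, unblock) and constructed sample events.

```python
import math

class FloodTrap:
    """Per-client decayed message count with upper/lower limits and a stop list."""
    def __init__(self, window, upper, lower, stop_list=()):
        self.window = float(window)      # time window in seconds (assumed unit)
        self.upper = upper               # the trap shuts above this average
        self.lower = lower               # state is forgotten below this average
        self.stop_list = set(stop_list)  # clients that must never be blocked
        self.state = {}                  # client -> (average, last timestamp)
        self.blocked = set()             # this tool only ever adds to it

    def _decayed(self, client, now):
        avg, last = self.state[client]
        return avg * math.exp(-(now - last) / self.window)

    def record(self, client, now):
        """Account for one message; return True if the client is blocked."""
        if client in self.stop_list:
            return False
        avg = self._decayed(client, now) if client in self.state else 0.0
        avg += 1.0
        self.state[client] = (avg, now)
        if avg > self.upper:
            self.blocked.add(client)
        return client in self.blocked

    def sweep(self, now):
        """Forget clients whose average has dropped below the lower limit."""
        for client in list(self.state):
            if self._decayed(client, now) < self.lower:
                del self.state[client]

    def unblock(self, client):
        """Companion operation: remove a block on request."""
        self.blocked.discard(client)
        self.state.pop(client, None)

def demo():
    trap = FloodTrap(window=60, upper=5, lower=0.5, stop_list={"192.0.2.1"})
    # Constructed sample events as (timestamp, client) pairs.
    events = [(t, "198.51.100.7") for t in range(10)]       # 10 messages in 10 s
    events += [(t, "192.0.2.1") for t in range(10)]         # same burst, stop-listed
    events += [(t * 120, "203.0.113.9") for t in range(5)]  # 1 message per 2 min
    for ts, client in sorted(events):
        trap.record(client, ts)
    trap.sweep(now=600)
    return trap
```
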