Re: tarpit


Subject: Re: tarpit
From: Wietse Venema (wietse@porcupine.org)
Date: Mon Aug 21 2000 - 16:31:35 CEST


In order to slow down a bad SMTP client, all that is needed is the
ability to execute an external command. That external command could
add the client to an access map, or it could configure a packet
filter rule to ignore SYN packets from the client.

There are so many ways to penalize a client that it is not practical
to hard-code them all in the Postfix source code.

This brings back fond memories of tcp wrappers, 10 years ago. The
ability to execute external commands was powerful, but it had to be
implemented very carefully in order to avoid security holes.

What holes? ftp://ftp.porcupine.org/pub/security/murphy.{txt,ps}.gz

        Wietse
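An added illustration, not part of the message above and not Postfix or tcp wrappers code: one way to hand a client address to an external penalty command without letting remote-influenced data reach a shell. The command path `/usr/local/sbin/penalize` and the function names are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Accept only a literal IPv4/IPv6 address; inet_pton() rejects anything
 * carrying shell metacharacters, spaces, or trailing text. */
int valid_client_addr(const char *addr)
{
    unsigned char buf[sizeof(struct in6_addr)];

    if (addr == NULL)
        return 0;
    return inet_pton(AF_INET, addr, buf) == 1
        || inet_pton(AF_INET6, addr, buf) == 1;
}

/* Run "penalty_cmd client_addr" with a fixed, minimal environment and
 * return its exit status; -1 if the input is rejected or the child fails. */
int run_penalty(const char *penalty_cmd, const char *addr)
{
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    char *const argv[] = { (char *) penalty_cmd, (char *) addr, NULL };
    int status;
    pid_t pid;

    /* Require an absolute command path and a validated address. */
    if (penalty_cmd == NULL || penalty_cmd[0] != '/' || !valid_client_addr(addr))
        return -1;
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        /* execve() with an argv array: no shell ever parses the address. */
        execve(penalty_cmd, argv, envp);
        _exit(127);                     /* exec failed */
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed inputs; the second is rejected before any fork. */
    run_penalty("/usr/local/sbin/penalize", "192.0.2.10");
    run_penalty("/usr/local/sbin/penalize", "192.0.2.10;echo");
    return 0;
}
```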


