[wplug] users sending to wrong email address
Alexandros Papadopoulos
apapadop at alumni.cmu.edu
Thu Jan 3 17:20:08 EST 2008
On Thursday 03 January 2008 20:12, Christopher DeMarco wrote:
<snip>
> to timeout. I guess that one reason for silently dropping
> connections, though, is to cost attackers time in portscanning. It's
> a teergrube.
...which is a risk/cost worth taking. Slowing down illegitimate network
traffic is the only first-responder action every node should perform and
makes the life of legit connections marginally harder.
The CPU hours wasted on nonexistent sockets are a very small price to pay for
a few more minutes of Internet survivability against a flash worm.
See LaBrea for an excellent piece of code that does just that - slows things
down :-)
Cheers
-A
More information about the wplug
mailing list