Does ASSP also stop such trickle attacks? I'd rather use ASSP for all my anti-spam than have to implement postscreen.
If not, would it be worth adding to ASSP?

Thanks,
James.

Begin forwarded message:

> From: Wietse Venema <wie...@porcupine.org>
> Date: 28 January 2011 3:08:12 AM AEDT
> To: Postfix users <postfix-us...@postfix.org>
> Subject: Work-in-progress: trickle attack defense
> Reply-To: Postfix users <postfix-us...@postfix.org>
>
> I added the following entry to the wip.html file on the Postfix website.
>
> Wietse
>
> Trickle attack defense
>
> Trickle attacks are old, but have received attention recently in
> the context of web servers. The idea is that an attacker sends a
> request slowly, for example, one byte at a time. Since many servers
> implement per-read time limits, instead of per-transaction time
> limits, an attacker can keep a connection busy for a very long
> time. Namely, the maximum number of seconds before a read operation
> times out, multiplied by the maximum number of bytes per transaction,
> multiplied by the maximum number of transactions.
>
> The postscreen daemon, available with Postfix 2.8 and later, already
> implements time limits to receive one complete SMTP command line.
> Postscreen uses a default time limit of 300s for RFC compliance,
> but it will switch to a 10s limit under overload conditions.
> Postscreen never receives mail, so this is a complete solution.
>
> The rest of Postfix still uses per-read time limits, instead of
> per-line time limits. Support for per-line time limits is currently
> tested in Postfix 2.9. This solves most of the problem; it limits
> the time to receive one complete SMTP command line, but it does
> not yet limit the total amount of time to receive the content of
> an email message. Instead, use the existing spam blocking mechanisms
> to reject mail before the SMTP "DATA" command.
>
> Once the code has proven itself it will be made available with
> Postfix 2.8.1. Optional patches may be made available for earlier
> Postfix releases.
> The whole thing is implemented in very little
> code in the lowest-layer Postfix routines. With per-line time
> limits, Postfix behaves exactly in the same way as before, except
> when someone trickles the bytes.
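The difference between the per-read and per-line time limits that the forwarded message describes is easiest to see with numbers. The following is an added example, not Postfix or ASSP code: a small command-line reader that can be run under either policy against a client that trickles one byte per read. The client, the 510-byte HELO line it sends, and the simulated clock (used instead of real sockets so the scenarios finish instantly) are all constructed for this illustration; the 300s and 10s figures are the postscreen values quoted above.

```python
# Added example (not Postfix code): per-read versus per-line SMTP time
# limits against a client that trickles one byte at a time. A simulated
# clock replaces real sockets, so every timing below is in simulated
# seconds and the scenarios run instantly and deterministically.

MAX_LINE = 512  # RFC 5321 maximum command line length, CRLF included


class SimulatedClient:
    """Constructed peer: delivers `bytes_per_read` bytes of `payload` per
    recv(), pausing `delay` simulated seconds before each read."""

    def __init__(self, payload: bytes, delay: float, bytes_per_read: int = 1):
        self.payload = payload
        self.delay = delay
        self.bytes_per_read = bytes_per_read
        self.pos = 0
        self.now = 0.0  # simulated monotonic clock, shared with the reader

    def recv(self, timeout: float) -> bytes:
        """Mimic socket.recv() under a timeout: if the client's pause
        exceeds `timeout`, the read fails after `timeout` seconds."""
        if self.delay > timeout:
            self.now += timeout
            raise TimeoutError("read timed out")
        self.now += self.delay
        chunk = self.payload[self.pos:self.pos + self.bytes_per_read]
        self.pos += len(chunk)
        return chunk  # b"" means the peer closed the connection


def read_command_line(client, read_timeout, line_timeout=None, max_line=MAX_LINE):
    """Read one CRLF-terminated command line from `client`.

    read_timeout: limit on each individual read (the per-read policy).
    line_timeout: if given, one deadline for the whole line (the per-line
                  policy of postscreen and the Postfix 2.9 work).
    Returns a dict with the outcome, the simulated seconds the connection
    was held, and the number of bytes received.
    """
    start = client.now
    buf = bytearray()

    def result(outcome):
        return {"outcome": outcome, "elapsed": client.now - start,
                "received": len(buf)}

    while True:
        budget = read_timeout
        if line_timeout is not None:
            # Per-line limit: never wait past the line deadline, however
            # many reads the client splits the line into.
            remaining = line_timeout - (client.now - start)
            if remaining <= 0:
                return result("line-timeout")
            budget = min(read_timeout, remaining)
        try:
            chunk = client.recv(budget)
        except TimeoutError:
            hit_line_limit = (line_timeout is not None
                              and client.now - start >= line_timeout)
            return result("line-timeout" if hit_line_limit else "read-timeout")
        if not chunk:
            return result("eof")
        buf += chunk
        if buf.endswith(b"\r\n"):
            return result("ok")
        if len(buf) >= max_line:
            return result("line-too-long")


def trickle_scenario(delay, read_timeout, line_timeout=None, bytes_per_read=1):
    """Run one client against the reader using a constructed 510-byte
    HELO line and report how long the connection was held."""
    line = b"HELO " + b"a" * 503 + b"\r\n"  # 510 bytes, within MAX_LINE
    client = SimulatedClient(line, delay, bytes_per_read)
    return read_command_line(client, read_timeout, line_timeout)


if __name__ == "__main__":
    # Per-read limit only: a byte every 299s never trips the 300s read
    # timeout, so one command line holds the connection for 510 * 299s.
    print("per-read 300s, trickle 299s :", trickle_scenario(299, 300))
    # Per-line limit of 300s: the same client is cut off at 300s.
    print("per-line 300s, trickle 299s :", trickle_scenario(299, 300, 300))
    # Postscreen's 10s overload limit: cut off before the first byte lands.
    print("per-line 10s,  trickle 299s :", trickle_scenario(299, 300, 10))
    # A normal client sending the whole line at once is unaffected.
    print("per-line 300s, normal client:", trickle_scenario(0, 300, 300, 510))
```

The per-read case holds the connection for 152490 simulated seconds (about 42 hours) for a single command line, and that is before multiplying by the number of commands an attacker can send per session, which the message's third factor covers. The per-line case bounds the same client to the line deadline, and a client that sends its line promptly sees no change, which is the "behaves exactly in the same way as before, except when someone trickles the bytes" property.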