On Tue, Jul 27, 2010 at 6:30 PM, Martin Lucina <[email protected]> wrote:
> These days this kind of thing is generally out of the control of the > application and handled by administrators using firewall rules. Uhm, firewalls are obviously necessary defense for certain kinds of attack, but they generally can't handle clients that send malformed requests indicating infection or hostile intent. A smart HTTP server checks for known attacks (proxy probes, invalid paths, SQL injections, over-long requests, too many concurrent requests) and adds such clients' IP addresses to a black list. It does not continue to accept them, that would pollute logs. It cannot get firewall assistance for this. Any Internet scale service using 0MQ is going to have to be able to temporarily or permanently reject incoming connections on random criteria. Trivial example: 0MQ XREQ client that makes endless new connections to a 0MQ XREP server, specifying new identities each time. Server crashes. Firewall looks on in amusement. -Pieter _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
