Hi, On Mon, May 12, 2003 at 11:58:53PM +0200, Bernd Eckenfels wrote: > On Mon, May 12, 2003 at 08:36:18PM +0200, Gerrit Pape wrote: > > I've written a short comparison before per host concurrency limits were > > added, see here if you're interested: > > http://article.gmane.org/gmane.comp.misc.pape.general/293 > > PErsonally I think "Class" concurrency is a nice feature, too, since it > allows to detect some forms of DDOS agents. Interesting. I've created a patch for tcpserver that counts the number of connections for each source address in the last x seconds, i.e. without looking at concurrent connections. It then provides this count in an extra environment variable to the child it spawns, so you can implement rate limiting. If anybody's interested, I'll put it on the web soon. I used it together with a tarpit patch to limit the total mail output for a mail relay to a certain average. Cheers, Emile. -- E-Advies - Emile van Bergen emile@e-advies.nl tel. +31 (0)70 3906153 http://www.e-advies.nl
Attachment:
pgpyYe45niFIs.pgp
Description: PGP signature