mina-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Julien Vermillard <jvermill...@archean.fr>
Subject ConnectionThrottleFilter
Date Thu, 06 Nov 2008 17:46:26 GMT
I'm reviewing some filters.

First one the ConnectionThrottleFilter.

When a client connect it's storing the connection time so if it tries
to reconnect too fast the session is closed directly after the opening.
The goal is to prevent denial of service (DoS).

But if you accept the session (opening) you send all the TCP soup
for opening/accepting the socket connection, and if you close the
session directly you send all the TCP soup for closing the socket
connection. I hardly can imagine it can protect you from any DoS. 

It's a very low-level job for a firewall no ?

If it can have some use, I'm ready to don't delete it. I already
refrained myself on the VmPipe ;)

Julien

Mime
View raw message