[At last kernel related!]
This brings me to an interesting point...
We need a tcp-wrapper solution half in/half out of the kernel. Why, you
say? Well, if the kernel has the tcpd controls or tcpd can get high enough
in the IP stack then it can do all sorts of evil IP level tricks:
- Block the connection altogether (silently drop the SYN)
(ICMP dest unreachable)
- Evil force close of the socket (i.e. silently close the socket)
[this is where all those FIN_WAITs come from]
- Intentionally drop packets... (give them _less_ than UDP priority)
("He's sending packets too fast... drop 'em")
- Artificially reduce the throughput...
- Impose absolute byte limits... (per IP, per connect, etc.)
...
I envision this for sendmail:
<connection on port 25/unrestricted>
<<<[Banner]
>>>EHLO [domain] <we don't really have to care about that>
<<<[crap]
>>>MAIL FROM: <blah> <we don't like blah>
<connection silently terminated/no message from sendmail/no IP FIN>
The connection can be dropped anywhere from verification of the HELO to the
'.' terminating the data [after hours of sending data at bytes-per-minute
speeds :-)]
--Ricky
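The sendmail exchange Ricky sketches, worked through as an added example (this is not code from the post, from sendmail, or from tcpd). It is a user-space approximation of the policy side: a per-session state machine that answers EHLO, kills the session without any reply when MAIL FROM names a sender on a (hypothetical) block list or when the absolute byte limit is exceeded anywhere up to the terminating '.', and computes the delay needed to hold a client to a chosen bytes-per-second rate. The "no IP FIN" part is approximated with SO_LINGER set to a zero timeout, which makes the kernel send RST instead of the normal FIN; a truly silent drop (no RST either, the thing the post wants) is only possible below the socket layer, e.g. with a netfilter DROP rule, which is exactly why the post argues for kernel involvement. The policy values and addresses are constructed for the example.

```python
"""SMTP policy tarpit: a user-space approximation of the post's kernel-level idea."""
import socket
import struct
from dataclasses import dataclass, field


@dataclass
class Policy:
    blocked_senders: set = field(default_factory=set)  # MAIL FROM addresses "we don't like" (hypothetical list)
    max_bytes: int = 1_000_000   # absolute per-connection byte limit
    bytes_per_sec: float = 0.0   # >0 artificially reduces throughput; 0 = no throttling


KILL = None  # sentinel returned by feed(): terminate, send nothing


def extract_address(line):
    """Pull 'blah' out of 'MAIL FROM: <blah>' (also tolerates 'MAIL FROM:<blah>')."""
    start, end = line.find("<"), line.find(">")
    if start == -1 or end == -1 or end < start:
        return line.split(":", 1)[-1].strip().lower()
    return line[start + 1:end].strip().lower()


class SmtpTarpit:
    """One SMTP session, decided line by line: reply, throttle, or kill."""

    def __init__(self, policy):
        self.policy = policy
        self.state = "GREET"  # GREET -> MAIL -> RCPT -> DATA -> DONE
        self.bytes_seen = 0
        self.killed = False

    def _kill(self):
        self.killed = True
        return KILL

    def feed(self, line):
        """Return the reply for this client line, '' for body lines (no reply),
        or KILL when the session must be terminated. The byte limit is checked
        first, so a kill can happen anywhere from EHLO to the final '.'."""
        self.bytes_seen += len(line)
        if self.bytes_seen > self.policy.max_bytes:
            return self._kill()
        text = line.rstrip("\r\n")
        if self.state == "DATA":
            if text == ".":
                self.state = "DONE"
                return "250 OK: queued\r\n"
            return ""
        verb = text.split(" ", 1)[0].upper()
        if verb in ("EHLO", "HELO"):          # we don't really care what follows it
            self.state = "MAIL"
            return "250 tarpit\r\n"
        if verb == "MAIL" and self.state == "MAIL":
            if extract_address(text) in self.policy.blocked_senders:
                return self._kill()           # silently terminated, no message
            self.state = "RCPT"
            return "250 OK\r\n"
        if verb == "RCPT" and self.state == "RCPT":
            return "250 OK\r\n"
        if verb == "DATA" and self.state == "RCPT":
            self.state = "DATA"
            return "354 End data with <CR><LF>.<CR><LF>\r\n"
        if verb == "QUIT":
            self.state = "DONE"
            return "221 Bye\r\n"
        return "503 Bad sequence of commands\r\n"

    def delay_for(self, nbytes):
        """Seconds to sleep before acknowledging nbytes so the client never
        exceeds policy.bytes_per_sec (the 'bytes per minute' tarpit)."""
        if self.policy.bytes_per_sec <= 0:
            return 0.0
        return nbytes / self.policy.bytes_per_sec


def run_session(policy, client_lines):
    """Drive a session from a list of client lines; returns (replies, killed)."""
    tp = SmtpTarpit(policy)
    replies = []
    for line in client_lines:
        reply = tp.feed(line)
        if reply is KILL:
            break
        if reply:
            replies.append(reply)
    return replies, tp.killed


def abort_without_fin(sock):
    """Close without the orderly FIN handshake: SO_LINGER with a zero timeout
    makes the kernel send RST and discard unsent data. A drop with no RST at
    all needs a packet filter below the socket layer (e.g. netfilter DROP)."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
    sock.close()


def demo_rst_close():
    """Loopback demo: the server aborts after a bad MAIL FROM; the client sees
    a connection reset rather than EOF. Returns True if the peer saw the reset."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    client = socket.create_connection(listener.getsockname())
    server, _ = listener.accept()
    listener.close()
    try:
        client.sendall(b"MAIL FROM: <blah@example.invalid>\r\n")
        abort_without_fin(server)  # policy said kill: no reply, no FIN
        try:
            client.recv(1024)
            return False           # orderly EOF or data: not the abort we wanted
        except ConnectionResetError:
            return True
    finally:
        client.close()


if __name__ == "__main__":
    pol = Policy(blocked_senders={"blah@example.invalid"}, max_bytes=120, bytes_per_sec=10)
    print(run_session(pol, ["EHLO spammer.example\r\n",
                            "MAIL FROM: <blah@example.invalid>\r\n"]))
    print("peer saw RST:", demo_rst_close())
```

A real daemon would call `delay_for()` before acknowledging each chunk it reads during DATA, so a client is held to the configured rate for as long as it cares to keep sending, and would call `abort_without_fin()` when `feed()` returns `KILL`.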