From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <edf6f74d40a57394b4def401e56abccb@proxima.alt.za>
To: 9fans@9fans.net
Date: Fri, 17 Apr 2009 13:36:45 +0200
From: lucio@proxima.alt.za
In-Reply-To: <96d0e4dc833935103aec6f07dcb61cba@quintile.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] security questions
Topicbox-Message-UUID: e01b4f82-ead4-11e9-9d60-3106f5b1d025

> Erik's mod would help, but add a seccond threshold where after 15 secconds
> you kill the proc failed the most fork() calls - the danger here is a spam
> storm may cause listen(1) to be killed.

You could put the rate limiting in listen(8) first, you may have
noticed that inetd(8) has this feature, at least in NetBSD, enabled by
default, in contravention of the POLA.

++L