Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Dropping connection instead of returning 400

from [christopher] Network Security [Permanent Link]
Subject: RE: Dropping connection instead of returning 400
Date: Thu, 3 Mar 2005 15:26:34 -0800 (PST) 



Christopher,

 It seems like such a trivial measure that I don't think breaking the
spec is worth it. You seem to be concerned about the information

returned... well just return less. Don't 'break the spec' for

something so trivial.


Doing this in accordance to the spec in a pipeline is a bit more
complicated.  I am working on a blog entry that explains some of the
issues of proxying pipelines.  The primarily problem is determining the
number of requests you'll send to server before receiving a reply. 
Information needs to be buffered and queued in the proxy which is a
potential area for overrun failures.  This is not required by straight
through proxies like stunnel.  I'm going to implement this since everybody
is so keen on this, but I'm going to continue make dropping connection
optional.

I talked this issue over with a friend of mine that works at an anti spam
company, and they do exactly what I am proposing.  If they determine the
message is spam they drop connection immediately regardless of the SMTP
spec.  Also I see this as a similar to rejecting TCP/IP packets (ie
dropping them) which is common in TCP/IP firewalls, but not as friendly as
a denying them with a returned ICMP packet.


Christopher Baus
http://www.baus.net/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Dropping connection instead of returning 400, Michael Silk
Next by Date:  RE: Preventing direct URL access in a J2EE environment, David Robert
Previous by Thread:  RE: Dropping connection instead of returning 400, Michael Silk
Next by Thread:  Re: Dropping connection instead of returning 400, Devdas Bhagat
Indexes:  [Date] [Thread] [Top] [All Lists]