On Wed, 12 Oct 1994, That Whispering Wolf... wrote:

> This does bring up an interesting idea for improvements to xinetd/inetd
> or whatever, though -- Why not have a config option that you can set so
> that if more than X number of requests for Y service were received from
> Z host in A time, the service shut off requests from that host for
> 5/10/15 minutes. Would that feature really be useful, and be worth the
> overhead? Personally, -I- don't think so, but if your site comes under
> regular attacks from such things, it may be a handy feep to have. Now, if
> someone would just code it. *grin*

Think it's been done already for some services like 'rusers'. Mind you,
this is just a rumor. Your mileage may vary. (In other words, I don't know
if it's an rusers thing, an RPC thing, a portmapper thing, or an inetd
thing.)

I *do* know that init does it for respawning gettys. So, if a hardware
failure causes getty to quit repeatedly, it doesn't chew cpu time.

ObBug: The shell escape from 'crash' on SunOS... file descriptors are
left open to /dev/kmem and /dev/mem, among other things.

    % crash
    dumpfile = /dev/mem, ....
    > !/bin/sh
    % strings <&9 >/tmp/out &
    % id
    .... egid=2(kmem) ....

Ooops. I understated the problem.

--
Charles Howes -- chowes@helix.net
Always tell the truth, then you make it the other bloke's problem!
 - Sean Connery, 1971
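The descriptor leak in the ObBug above, seen from the fix side: an added example, not part of the original message and not SunOS code, of what a privileged tool's shell escape has to do before it execs a shell. The names `seal_descriptors` and `shell_escape` are hypothetical, and the 65536 scan bound is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Mark every open descriptor above stderr close-on-exec, so nothing the
 * privileged program opened (e.g. /dev/kmem) survives into an exec'd child.
 * Returns how many descriptors were newly marked. */
int seal_descriptors(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    int sealed = 0;

    if (max < 0 || max > 65536)
        max = 65536;               /* assumption: cap the scan range */
    for (int fd = 3; fd < max; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1)
            continue;              /* descriptor is not open */
        if (!(flags & FD_CLOEXEC) &&
            fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == 0)
            sealed++;
    }
    return sealed;
}

/* Hypothetical shell escape: fork, drop set-id privilege, seal, then exec.
 * Returns the shell's exit status, or -1 on failure. */
int shell_escape(const char *cmd)
{
    pid_t pid = fork();
    int status;

    if (pid == -1)
        return -1;
    if (pid == 0) {
        /* Group first, then user; refuse to run the shell if either fails. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(126);
        seal_descriptors();
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) == -1)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Both steps are needed: dropping the effective group addresses the `egid=2(kmem)` shown by `id`, while sealing addresses the already-open descriptor that `strings <&9` reads from, which stays usable regardless of the child's credentials.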