Re: [Sqlgrey-users] RELEASE: 1.5.9 + with throttling

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Le Mardi 07 Juin 2005 18:47, Lionel Bouton a =E9crit :
>
> SQLgrey 1.5.9 tarball is on sourceforge [...]

Hi there,

My "connect throttling" and "connect cleanup" patches have been tested he=
re=20
and seem to be working very fine. Please find attached the complete patch=
=20
against 1.5.9.

I've produced 1.5.9 RPMs including this patch, available from=20
http://www.bouissou.net/sqlgrey/

Some sample of working throttling, taken from my logs:

Jun  8 02:30:29 totor sqlgrey: grey: new: 24.208.114.197,=20
fzj...@bu... -> da...@bo...

Jun  8 02:30:30 totor sqlgrey: grey: new: 24.208.114.197,=20
fzj...@bu... -> cl...@bo...

Jun  8 02:30:31 totor sqlgrey: grey: new: 24.208.114.197,=20
fzj...@bu... -> fi...@bo...

Jun  8 02:30:31 totor sqlgrey: grey: new: 24.208.114.197,=20
fzj...@bu... -> ad...@bo...

Jun  8 02:30:31 totor sqlgrey: grey: new: 24.208.114.197,=20
fzj...@bu... -> ope...@bo...

Jun  8 02:30:34 totor sqlgrey: grey: throttling: 24.208.114.197,=20
fzj...@bu... -> ch...@bo...

Jun  8 02:30:39 totor sqlgrey: grey: throttling: 24.208.114.197,=20
fzj...@bu... -> al...@bo...

Jun  8 02:30:44 totor sqlgrey: grey: throttling: 24.208.114.197,=20
fzj...@bu... -> ad...@bo...

Jun  8 02:30:55 totor sqlgrey: grey: throttling: 24.208.114.197,=20
fzj...@bu... -> ad...@bo...

Jun  8 02:31:02 totor sqlgrey: grey: throttling: 24.208.114.197,=20
fzj...@bu... -> ic...@bo...

Jun  8 02:31:07 totor sqlgrey: grey: throttling: 24.208.114.197,=20
fzj...@bu... -> ca...@bo...

Jun  8 02:31:13 totor sqlgrey: grey: throttling: 24.208.114.197,=20
fzj...@bu... -> aa...@bo...

Jun  8 02:31:19 totor sqlgrey: grey: throttling: 24.208.114.197,=20
fzj...@bu... -> de...@bo...

...and I have several of the kind.

I think that throttling may not only save space in connect, but also help=
=20
prevent some zombies (that tries random addresses from a dictionary or=20
infected machine's address book) from being able to pass thru greylisting=
 in=20
the end : By limiting the number of waiting entries for a given source in=
=20
connect, we reduce the chances that a random new try from the same source=
=20
matches a previous attempt, thus effectively improving the system's=20
efficiency.

Lionel, would you consider integrating this into the mainstream SQLgrey ?=
 As=20
throttling is completely optional, "it doesn't hurt anyway", and somebody=
 who=20
doesn't want the feature can just ignore it.

Cheers.

--=20
Michel Bouissou <mi...@bo...> OpenPGP ID 0xDDE8AC6E