Jim Fulton wrote:
Michel Pelletier wrote:
I noticed that when you FTP into ZServer it doesn't matter what userid or password you use, it allways says 'Login Successful'. Of course, your not authorized to see anything but your still logged in and there is still an open Medusa channel. Couldn't this be a hole into a possible Denial of Service attack?
How is this different from anonymous FTP? How do other servers limit denial of service attacks on anonymous FTP?
There is the minor difference that anonymous FTP can be turned off, thus denying even making a connection. Also anonymous access is only granted for the anonymous uid with the option to verify with a password. With medusa I can login with joe:blow and still tie a line. Paul mentioned the throttling.
Note that a medusa connection does not consume many resources and doesn't tie up the application in any way.
Your right there, Medusa may be so darn fast that it won't matter, I'm going to experiment with a simple DOS script today, see if I can bring Medusa to it's knees. Michel
Jim