[Zope] - ZServer

Jim Fulton jim@digicool.com
Wed, 27 Jan 1999 08:45:54 -0500


Michel Pelletier wrote:
> 
> I noticed that when you FTP into ZServer it doesn't matter
> what userid or password you use, it allways says 'Login Successful'.
> Of course, your not authorized to see anything but your still
> logged in and there is still an open Medusa channel.  Couldn't this
> be a hole into a possible Denial of Service attack?

How is this different from anonymous FTP?
How do other servers limit denial of service attacks 
on anonymous FTP?  

Note that a medusa connection does not consume many 
resources and doesn't tie up the application
in any way.

Jim