Greg A. Woods wrote:
> I suspect you haven't actually measured the impact in real-world
> situations where the kind of "pounding" you're worried about is actually
> happening -- it's not nearly so big a deal as you're making it out to
> be, and indeed it's far less impact than the problem you're complaining
> about.
I have actually. So has a guy called Alan Brown (the chap who used to
run ORBS). Alan posted some pretty good stats on this on the
spam-l@??? list - archives are limited to members only,
but you can sign on and then grep the archives for Alan Brown delay_checks.
> Well on some badly abused high-performance systems I've seen more than
> one connection come and go per _second_. Holding a connection open for
> several minutes is overall only a tiny fraction of the resources
> required to handle 60-120 connections per second.
Yes, you do have a point there - but that open connection is a bit more
resource than something that looks for such IPs and nullroutes them
somewhere upstream of the box.
srs