[medusa] FTP Limits

[Amos Latteier]

One thing that's been discussed lately on the Zope list is the need for FTP
limits to prevent denial of service attacks.

The idea is that the server could be flooded with connections until it
could no longer accept new legitimate connections.

Right now it seems that Medusa's FTP server supports an authorizer object,
but there do not seem to be any pre-built limit checking authorizers.

I am looking for ideas on what sort of limits should be set, and how they
could be enforced. It was suggested that limits could be set for different
classes of users, for example, 'anonymous' users. This is slightly
difficult in Zope's case, since authentication information is distributed,
so the validity of a login cannot be verified without a directory in which
to verify it.

Thanks in advance for any pointers or experiences designing and
implementing FTP limits.

-Amos

P.S. For those of you not familiar with Zope, it is an Open Source web
application server which is using Medusa for HTTP and FTP services.
http://www.zope.org/

------------------------------------------------------------------------
eGroup home: http://www.eGroups.com/list/medusa
Free Web-based e-mail groups by eGroups.com