[Operators] DDoS attacks against jabber.org

Mathias Ertl mati at fsinf.at
Fri Feb 7 08:40:40 UTC 2014


On Fri, Feb 07, 2014 at 08:05:12AM +0000, David Banes wrote:
> In my view this is the correct approach (block s2s communication) and
> mirrors the behaviour in the SMTP world. It's the way I run SMTP/XMPP
> platforms so I'd expect others to do the same.

As a last resort, this is of course the right approach. But rate-limiting
s2s connections in general as well limiting cross-server traffic for a
single account should be in place/possible as well, something many servers
are not so good at *whining*.

> Quite simply if you see a badly behaving server/IP you block it until the
> owner has rectified the situation.   Yes this upsets some users on the
> server(s) that is blocked but that's fine, they can apply pressure on the
> owner to fix it or take their 'business' elsewhere.
> Doing this will weed out the problem operators and clean up our network.

I agree but I have to point out that there is no mechanism (that I know of?)
to notify administrators of the situation. With mail, you at least have
postmaster at domain.tld, where mailadmins are supposed to look at. There is
no reason or requirement to subscribe to this mailinglist (nor should there

greetings, Mati

I only read plain text mail! I prefer pgp|gpg signed & encrypted mails!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://mail.jabber.org/pipermail/operators/attachments/20140207/f4db0bf8/attachment.pgp>

More information about the Operators mailing list