At 11:07 AM -0700 2002/09/17, Scott Francis wrote:
Much more complex to implement and manage; doesn't scale well. The fewer decisions the anti-spam system has to make, the better it will work. If it only has to decide whether or not a specific IP/port combination has exceeded a certain threshold, it will run much more smoothly than if it's examining the contents of each packet.
Indeed, that will be a lot more scalable. But if you still have to look into each packet to see which ones are link encrypted (and therefore should be left alone) and which ones aren't (and therefore should be transparent proxied and/or traffic-shaped), that is quite a bit more work. The question is how much abuse is too much? Is it okay to allow all open port 25 connections (traffic-shaped to low average bit-rates), or is any abuse too much? -- Brad Knowles, <brad.knowles@skynet.be> "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)