446

About blocking connections in MDaemon

About blocking connections in MDaemon

There's no way MDaemon can 'block' connections.  MDaemon has to accept the connection and process it (at least a little) before it can determine that it shouldn't have accepted the connection nor processed it.  Firewalls are the place where connections can be safely blocked/prevented from entering your network.  Software apps like MDaemon just aren't up to the job.  MDaemon must accept the connection, test against it, and then drop it but there's no way it can really block it.  Honestly, by the time the connection attempt has snaked its way into your network so far as to actually be talking to an application like MDaemon it's already far too late to block.

What MDaemon can do though is detect connections from undesirable sources and cut off any *further* consumption of resources - but only those resources that the particular machine upon which MDaemon resides would have otherwise allocated.  That's better than a zero benefit, but not by much.  Regardless, sometimes this is the best that can be accomplished (for example, when folk don't know even if they have a firewall; never-mind how to configure it, or when attacks are coming from sources that can't be predicted in advance - although many firewalls have techniques to mitigate against this threat as well).  Anyway, when 'blocking' at the application layer is good enough, the dynamic screening/IP screening stuff helps.