> Last night, the machine completely stopped accepting connections on port > 80 to the web server. > tcp 0 0 205.164.146.26.80 146.94.1.2.2972 SYN_RCVD > tcp 0 0 205.164.146.26.80 146.94.1.2.2763 SYN_RCVD > It concerns me that one remote site can so easily completely block all > incoming tcp/ip connections on a port. Is this a kernel bug, or something > I can take some measure to prevent on this end? You can crank up the second argument to listen() in httpd WAY high, which will help with this. This is not a complete fix because there's also a kernel-imposed limit on the number of half-open connections, but it will get you the ability to tolerate more half-open connections before the server stops responding. In general there's no way to defend yourself against denial-of-service attacks..... this only gives you more headroom. -- Tom Fitzgerald 1-508-967-5278 Wang Labs, Billerica MA, USA fitz@wang.com