Re: denial of service attack possible

Tom Fitzgerald (fitz@wang.com)
Fri, 27 Oct 1995 13:51:14 EDT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Michael R. Widner: "Re: denial of service attack possible"
Previous message: Casper: "csh denial of service attack"
In reply to: Mark Thomas: "denial of service attack possible"
Next in thread: Michael R. Widner: "Re: denial of service attack possible"

> Last night, the machine completely stopped accepting connections on port
> 80 to the web server.

> tcp        0      0  205.164.146.26.80      146.94.1.2.2972        SYN_RCVD
> tcp        0      0  205.164.146.26.80      146.94.1.2.2763        SYN_RCVD

> It concerns me that one remote site can so easily completely block all
> incoming tcp/ip connections on a port.  Is this a kernel bug, or something
> I can take some measure to prevent on this end?

You can crank up the second argument to listen() in httpd WAY high, which
will help with this.  This is not a complete fix because there's also a
kernel-imposed limit on the number of half-open connections, but it will
get you the ability to tolerate more half-open connections before the
server stops responding.

In general there's no way to defend yourself against denial-of-service
attacks.....  this only gives you more headroom.

--
Tom Fitzgerald   1-508-967-5278   Wang Labs, Billerica MA, USA   fitz@wang.com

Next message: Michael R. Widner: "Re: denial of service attack possible"
Previous message: Casper: "csh denial of service attack"
In reply to: Mark Thomas: "denial of service attack possible"
Next in thread: Michael R. Widner: "Re: denial of service attack possible"