[plug] UNIX - RISKS
David Buddrige
david.buddrige at mitswa.com.au
Mon Feb 22 13:36:36 WST 1999
Is this a Unix issue or is it a web-server issue? How is this any
different using alternative OS's to Un*x? Sounds like it is a problem
with providing any internet live server such as a web-server.
Presumably though there would be ways of solving the problem... perhaps
if you've identified where the packets causing the DoS are coming from,
simply reject all packets from that IP/Domain. you could do this using
a packet sniffer.
regards
Dave.
Paul Wilson wrote:
>
> > From: Christian <again at global.net.au>
> > On Mon, 22 Feb 1999, David Buddrige wrote:
> > > Furthermore those connections almost certainly have a timeout after
> > > which it will be dropped - so opening a connection and not transmitting
> > > any data would not work either.
> >
> > I think that's part of the issue - the timeout for TCP is long enough
> that
> > you can keep the number of processes running at a sufficiently high level
> > to prevent creation of new ones.
>
> There's a recognised DoS attack against web servers that relies on this
> timeout. Make connections to the considerably faster than the timeout will
> collapse the 'unused' ones, and your machine will grind to a halt. It
More information about the plug
mailing list