Re: sudden (and selective) autism
On Tue, Apr 29, 2003 at 09:42:11AM -0700, Matt Perry wrote:
> On Sat, 19 Apr 2003, Jim McCloskey wrote:
>
> > A little checking quickly revealed that the connection requests that
> > were being refused were all and only those dealt with by services
> > started by inetd
> [snip]
> > The file /etc/inetd.conf seemed unchanged, but the logs had this at 10-
> > minute intervals:
>
> If inetd receives too many connections within a 1 minute period, it will
> cut off service for 10 minutes. Apparently this is a "feature" to limit
> memory usage or something. Someone was probably exploiting this to cause
> a DoS on your machine.
The default value for "too many connections" is 40 in a 60 second
period. For many services (like BOOTP or TFTP on a larger network)
this is not enough.
Fortunately, you can solve this problem in inetd.conf: append a dot
('.') to the 'wait' or 'nowait' parameter followed by the
max-connections limit.
wait.240
sets the limit to 240 connections per minute, or 4 per second on
average.
--
Nathan Norman - Incanus Networking mailto:nnorman@incanus.net
Liberty may be endangered by the abuses of liberty as well as by
the abuses of power.
-- James Madison
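As an added illustration of the inetd.conf rate-limit syntax described in this reply (not code from the thread or from inetd itself), the script below parses the fourth field of each entry, reports the per-minute cap inetd will apply (the 40/min default when no ".N" suffix is present), and rewrites an entry with an explicit limit. The inetd.conf fragment is a constructed sample.

```python
import re

DEFAULT_MAX_PER_MINUTE = 40  # inetd's built-in cap before it suspends a service for 10 minutes

# Constructed sample /etc/inetd.conf fragment (not taken from the original message).
SAMPLE_INETD_CONF = """\
# service  type    proto  wait/nowait[.max]  user    server            args
tftp       dgram   udp    wait               nobody  /usr/sbin/tcpd    /usr/sbin/in.tftpd /tftpboot
bootps     dgram   udp    wait.240           root    /usr/sbin/bootpd  bootpd -i -t 120
ftp        stream  tcp    nowait             root    /usr/sbin/tcpd    /usr/sbin/in.ftpd
"""

def parse_line(line):
    """Return (service, wait_mode, max_per_minute) for one entry, or None for blank/comment lines."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    fields = stripped.split()
    if len(fields) < 6:
        raise ValueError(f"malformed inetd.conf line: {line!r}")
    # Field 4 is 'wait' or 'nowait', optionally followed by '.N' (max connections per minute).
    m = re.fullmatch(r"(wait|nowait)(?:\.(\d+))?", fields[3])
    if not m:
        raise ValueError(f"unrecognised wait/nowait field {fields[3]!r} in {line!r}")
    limit = int(m.group(2)) if m.group(2) else DEFAULT_MAX_PER_MINUTE
    return fields[0], m.group(1), limit

def effective_limits(conf_text):
    """Map each configured service to its (wait_mode, connections-per-minute cap)."""
    limits = {}
    for line in conf_text.splitlines():
        entry = parse_line(line)
        if entry:
            service, mode, limit = entry
            limits[service] = (mode, limit)
    return limits

def services_below(conf_text, needed_per_minute):
    """Services whose cap is lower than the rate the network is expected to generate."""
    return sorted(s for s, (_, cap) in effective_limits(conf_text).items() if cap < needed_per_minute)

def set_rate_limit(line, max_per_minute):
    """Rewrite one entry so its wait/nowait field carries an explicit '.N' cap; comments pass through."""
    if parse_line(line) is None:
        return line
    fields = line.split()
    fields[3] = f"{fields[3].split('.')[0]}.{max_per_minute}"
    return "\t".join(fields)
```

Running `services_below(SAMPLE_INETD_CONF, 100)` on the sample flags tftp and ftp as still on the 40/min default, which is the situation the reply describes for TFTP and BOOTP on a larger network.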