Bugtraq mailing list archives

Re: denial of service attack possible


From: darrell () teleport com (Darrell Fuhriman)
Date: Fri, 27 Oct 1995 09:53:18 -0700


On Fri, 27 Oct 1995, Mark Thomas wrote:

If anyone has any more specifics on this problem, please let me know.  When
the server is healthy netstat indicates a couple SYN_RCVD state services, but
they never last from one netstat command to another for the same remote IP.

SunOS 4.1.4 only allows five listen()s to be queued up per port.  (You can
put any number in the function call; it's quietly set to five anyway.)
Solaris 2.4 allows 32 queued, 2.5 will allow 1024.  Don't expect Sun to
be doing anything with 4.1.4 to fix it though.  It's hard enough to get a
syslog patch out of them.  :(

One possible way to fix it is to try turning on SO_KEEPALIVE, and
turning down tcp_keepintvl in the kernel (150 seconds is default).

No guarantees though.

Darrell Fuhriman
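
An added example, not part of the original message: a check an administrator could run over two successive netstat snapshots to see which ports hold as many SYN_RCVD entries as the queue limits quoted above, and which entries persist from one snapshot to the next. The BSD-style `address.port` netstat layout, the function names and the sample snapshots are assumptions constructed for illustration.

```python
from collections import Counter

# Queue limits per OS release, as stated in the message above.
BACKLOG_LIMIT = {"SunOS 4.1.4": 5, "Solaris 2.4": 32, "Solaris 2.5": 1024}

# Constructed sample, not captured output. Assumed layout: BSD-style
# `netstat -an`, six columns, addresses written as address.port.
SNAP1 = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.80                   *.*                    LISTEN
tcp        0      0  192.0.2.10.80          198.51.100.7.1025      SYN_RCVD
tcp        0      0  192.0.2.10.80          198.51.100.8.1026      SYN_RCVD
tcp        0      0  192.0.2.10.80          198.51.100.9.1027      SYN_RCVD
tcp        0      0  192.0.2.10.80          203.0.113.4.1028       SYN_RCVD
tcp        0      0  192.0.2.10.80          203.0.113.5.1029       SYN_RCVD
tcp        0      0  192.0.2.10.25          203.0.113.20.2001      ESTABLISHED
"""
# Second constructed snapshot: the same five entries are still present,
# plus one new half-open connection on port 25.
SNAP2 = SNAP1 + "tcp        0      0  192.0.2.10.25          203.0.113.21.2002      SYN_RCVD\n"


def syn_rcvd(netstat_text):
    """Return the set of (local_port, foreign_address) pairs in SYN_RCVD."""
    entries = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 6 and f[0].startswith("tcp") and f[5] == "SYN_RCVD":
            entries.add((f[3].rsplit(".", 1)[-1], f[4]))
    return entries


def report(first, second, os_name):
    """Compare two snapshots against the queue limit for os_name."""
    limit = BACKLOG_LIMIT[os_name]
    now = syn_rcvd(second)
    per_port = Counter(port for port, _ in now)
    return {
        # Ports whose SYN_RCVD count has reached the stated limit.
        "at_limit": sorted(p for p, n in per_port.items() if n >= limit),
        # Entries that lasted from one snapshot to the next.
        "persistent": sorted(syn_rcvd(first) & now),
    }


if __name__ == "__main__":
    print(report(SNAP1, SNAP2, "SunOS 4.1.4"))
```

On a healthy server the `persistent` list stays empty, matching the observation quoted at the top of the message.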


