FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 10-19-2010, 10:11 AM
Gerrard Geldenhuis
 
Default Safeguarding against to many established connections

Hi
We have recently seen an issue were a single client opened up more than 800 established connections to our directory server. The client did have the proper settings configured and should have closed connections but it did'nt. Is there a way to limit the amount of connections per client or close connections from the server side after a certain period? Without just making the amount of connections ridicuosly high on the directory server how can you safeguard against rogue clients.

Our client setting is as follows:
idle_timelimit 5
timelimit 10
bind_timelimit 5

We were unable to log into client and it had file system issues so we could not do any further analyses there.

I suspect that solutions to this problem probably falls outside of what can be configured in 389?

Regards

__________________________________________________ ______________________
In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.

__________________________________________________ ______________________
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 
Old 10-19-2010, 10:16 AM
Daniel Maher
 
Default Safeguarding against to many established connections

On 10/19/2010 12:11 PM, Gerrard Geldenhuis wrote:
> Hi
> We have recently seen an issue were a single client opened up more than 800 established connections to our directory server. The client did have the proper settings configured and should have closed connections but it did'nt. Is there a way to limit the amount of connections per client or close connections from the server side after a certain period? Without just making the amount of connections ridicuosly high on the directory server how can you safeguard against rogue clients.
>
> Our client setting is as follows:
> idle_timelimit 5
> timelimit 10
> bind_timelimit 5
>
> We were unable to log into client and it had file system issues so we could not do any further analyses there.
>
> I suspect that solutions to this problem probably falls outside of what can be configured in 389?

While it's not a 389-specific suggestion, iptables could easily solve
this problem for you across the board.


--
Daniel Maher <dma + 389users AT witbe DOT net>
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
 

Thread Tools




All times are GMT. The time now is 01:19 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org