[tech] hydra
Adrian Chadd
adrian at creative.net.au
Sun Sep 2 01:16:09 WST 2001
On Sat, Sep 01, 2001, James Andrewartha wrote:
> On Sat, 1 Sep 2001, Adrian Chadd wrote:
>
> > On Sat, Sep 01, 2001, James Andrewartha wrote:
> > > Oh ok. There's a dump of the current set and the set dunc saved at the time
> > > of Bryden's DoS, in ~trs80/ip_conntrack-2001-09-01-1826 and
> > > ~trs80/ip_conntrack-DNS-DoS respectively.
> >
> > Right. Is it happening again?
> > Grr, you'd think that Linux would just time out 'older' connections
> > to deal with a DoS or some broken resolver like what happened.
> > Oh well. :-)
> It's not happening again, /proc/net/ip_conntrack is just a list of the
> currently tracked connections. It varies depending on how much people are
> using the network. As for preventing it from happening again, there's a
> fine line between a DoS and a heavily loaded server. Presumably if you
> were normally dealing with a lot of connections you'd have a beefier
> router, but once you reach the limit perhaps the timeout on existing
> connections could be reduced or something.
Well, you'd think that it would timeout the least active ones to
try and deal with the abuse.

I think FreeBSD might do that. Hell, you could just run the userland
natd under FreeBSD and have the NAT table paged out to disk.. :-)

Adrian
>
> --
> "There's nobody getting rich | TRS-80 UCC Treasurer
> writing software that I | Email: trs80(a)ucc.gu.uwa.edu.au
> know of" - Bill Gates, 1980 | Web: http://trs80.ucc.asn.au/
>
>
--
Adrian Chadd Yeah, for me its (XML) like the movie Titanic.
<adrian at creative.net.au> Everybody loves it.
I want to be different, so I hate it.
--Duane Wessels
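
One way to examine a saved /proc/net/ip_conntrack dump like the ones mentioned in the thread, added here as an example and not part of the original messages: it groups tracked entries by original source, protocol and destination port, and counts how many are still [UNREPLIED], which shows which host is filling the table. The sample lines are constructed in the Linux 2.4 layout, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the Linux 2.4 /proc/net/ip_conntrack layout
# (documentation address ranges, not taken from the dumps in the thread).
SAMPLE = """\
udp      17 12 src=192.0.2.10 dst=198.51.100.1 sport=1025 dport=53 [UNREPLIED] src=198.51.100.1 dst=192.0.2.10 sport=53 dport=1025 use=1
udp      17 25 src=192.0.2.10 dst=198.51.100.2 sport=1026 dport=53 [UNREPLIED] src=198.51.100.2 dst=192.0.2.10 sport=53 dport=1026 use=1
udp      17 170 src=192.0.2.20 dst=198.51.100.1 sport=3001 dport=53 src=198.51.100.1 dst=192.0.2.20 sport=53 dport=3001 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=192.0.2.30 dst=203.0.113.5 sport=4000 dport=22 src=203.0.113.5 dst=192.0.2.30 sport=22 dport=4000 [ASSURED] use=1
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse_entry(line):
    """Return a dict for one conntrack line, or None if it is malformed."""
    parts = line.split()
    if len(parts) < 4 or not parts[1].isdigit() or not parts[2].isdigit():
        return None
    orig = {}
    # Each line carries two tuples; the first src/dst/sport/dport is the original direction.
    for key, value in FIELD.findall(line):
        orig.setdefault(key, value)
    if "src" not in orig or "dst" not in orig:
        return None
    return {"proto": parts[0], "ttl": int(parts[2]), "src": orig["src"],
            "dst": orig["dst"], "dport": orig.get("dport", "-"),
            "unreplied": "[UNREPLIED]" in parts,
            "assured": "[ASSURED]" in parts}

def summarise(text):
    """Count entries per (source, protocol, destination port), busiest first."""
    total, unreplied = Counter(), Counter()
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        key = (entry["src"], entry["proto"], entry["dport"])
        total[key] += 1
        unreplied[key] += entry["unreplied"]
    return [(key, n, unreplied[key]) for key, n in total.most_common()]

if __name__ == "__main__":
    for (src, proto, dport), n, unrep in summarise(SAMPLE):
        print(f"{src:15} {proto}/{dport:5} entries={n} unreplied={unrep}")
```

To run it on a real dump, pass the file's contents to `summarise()` in place of `SAMPLE`.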