TCP listen limit.
Fabio Yasusi Yamamoto
fabio at hostname.org
Wed Jun 23 04:38:26 EST 2004
Hi folks.
Please, someone confirm if I'm right. If I'm wrong, please forgive me.
-----------------------------------------
I've developed a little tool to stress test TCP connections (sending
SYN and answering the ACK-SYN) that simulates a real TCP connection
( http://www.hostname.org/fake_connect ).
And I noticed that several programs have a little TCP (listen
backlog?) limit.
One of these programs was OpenSSH. With this I can cause a temporary
DoS on SSHd, preventing any user from logging on (sometimes the real
connection is closed, sometimes it doesn't respond at all (there
is no SYN-ACK)).
My target platforms were Linux and FreeBSD.

Here is my question:
  Is it possible, in the configuration, to increase the connection
  limit / listen backlog?
  Why is it not so by default?

-----------------------------------------
Before:
-----------------------------------------
bash-2.05b# telnet 10.30.0.1 22
Trying 10.30.0.1...
Connected to 10.30.0.1.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.7.1p2
After:
-----------------------------------------
bash-2.05b# telnet 10.30.0.1 22
Trying 10.30.0.1...
Connected to 10.30.0.1.
Escape character is '^]'.
Connection closed by foreign host.
Under massive stress:
bash-2.05b# telnet 10.30.0.1 22
Trying 10.30.0.1...
-----------------------------------------
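Added example, not part of the original post and not OpenSSH code: sshd_config's MaxStartups directive limits concurrent unauthenticated connections, either as a hard cap N or as random early drop start:rate:full, and this Python model computes the refusal chance as sshd_config(5) describes it. That this limit, rather than the kernel listen backlog, produces the "After" output above is an assumption; the function names and sample settings are constructed for illustration.

```python
"""Model of sshd's MaxStartups admission rule (added example, not OpenSSH code)."""


def parse_max_startups(value):
    """Parse 'N' or 'start:rate:full' as written in sshd_config."""
    parts = value.strip().split(":")
    if len(parts) == 1:
        # Single number: hard cap, every attempt at or above it is refused.
        full = int(parts[0])
        start, rate = full, 100
    elif len(parts) == 3:
        start, rate, full = (int(p) for p in parts)
    else:
        raise ValueError("expected N or start:rate:full, got %r" % value)
    # Range check chosen for this model (assumption, not sshd's own parser).
    if not (1 <= start <= full and 1 <= rate <= 100):
        raise ValueError("out-of-range MaxStartups value %r" % value)
    return start, rate, full


def refusal_percent(unauthenticated, value):
    """Chance (0-100) that a new connection is refused at the given load."""
    start, rate, full = parse_max_startups(value)
    if unauthenticated < start:
        return 0.0
    if unauthenticated >= full or rate == 100:
        return 100.0
    # Linear ramp from `rate` percent at `start` up to 100 percent at `full`.
    return rate + (100 - rate) * (unauthenticated - start) / (full - start)


def capacity_report(value, loads):
    """Refusal chance for each number of pending unauthenticated sessions."""
    return {n: round(refusal_percent(n, value), 1) for n in loads}


if __name__ == "__main__":
    # Constructed sample settings: a hard cap of 10 and a drop ramp 10:30:60.
    for setting in ("10", "10:30:60"):
        print(setting, capacity_report(setting, (5, 10, 35, 60)))
```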
More information about the openssh-unix-dev mailing list