Tcp listen limit.

Fabio Yasusi Yamamoto fabio at hostname.org
Wed Jun 23 04:38:26 EST 2004


Hi folks.

Please, someone confirm if I'm right. If I'm wrong, please forgive me.

--------------------------------------------------------------------------------------------------------------
I've developed a little tool to stress test TCP connections (sending
SYN and answering ACK-SYN) that simulates a real TCP connection.
( http://www.hostname.org/fake_connect )

And I notice that several programs have a little TCP (listen
backlog?) limit.

One of these programs was OpenSSH. With this I can cause a temporary
DoS on SSHd, preventing any user from logging on (sometimes the real
connection is closed, sometimes it doesn't respond at all; there
is no SYN-ACK).

My target platforms were Linux and FreeBSD.

-
Here is my question:
    Is it possible in the configuration to increase the connection
limit / listen backlog?
    Why is it not the default?
-

-----------------------------------------
Before:
-----------------------------------------
bash-2.05b# telnet 10.30.0.1 22
Trying 10.30.0.1...
Connected to 10.30.0.1.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.7.1p2

After:
-----------------------------------------

bash-2.05b# telnet 10.30.0.1 22
Trying 10.30.0.1...
Connected to 10.30.0.1.
Escape character is '^]'.
Connection closed by foreign host.


On a massive stress:
bash-2.05b# telnet 10.30.0.1 22
Trying 10.30.0.1...
-----------------------------------------







More information about the openssh-unix-dev mailing list
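
Added example, not part of the original post and not OpenSSH's own code: sshd_config's MaxStartups option limits concurrent unauthenticated connections, and a connection refused by it looks like the "Connected ... Connection closed by foreign host" output above, while a full kernel listen backlog is a separate queue. The sketch below computes the drop probability as sshd_config(5) documents it for "start:rate:full". Assumptions: the page does not confirm that this is the limit the poster hit, and the function names and sample values are constructed.

```c
#include <stdio.h>

/* MaxStartups as written in sshd_config: "start:rate:full" or one number. */
struct max_startups { int start, rate, full; };

/* Parse the value; returns 0 on success, -1 if malformed or out of range. */
int parse_max_startups(const char *s, struct max_startups *m)
{
    int n = sscanf(s, "%d:%d:%d", &m->start, &m->rate, &m->full);
    if (n == 1) {              /* single number: hard cap at that count */
        m->full = m->start;
        m->rate = 100;
        return m->start > 0 ? 0 : -1;
    }
    if (n != 3 || m->start < 1 || m->start > m->full ||
        m->rate < 1 || m->rate > 100)
        return -1;
    return 0;
}

/* Percent chance that a new connection is dropped while `pending`
 * unauthenticated connections are already open. */
int drop_percent(const struct max_startups *m, int pending)
{
    if (pending < m->start)
        return 0;
    if (pending >= m->full || m->rate == 100)
        return 100;
    /* linear ramp from rate% at `start` up to 100% at `full` */
    return m->rate +
        (100 - m->rate) * (pending - m->start) / (m->full - m->start);
}

/* Convenience wrapper (hypothetical helper): -1 for an invalid setting. */
int drop_percent_for(const char *setting, int pending)
{
    struct max_startups m;
    return parse_max_startups(setting, &m) == 0 ? drop_percent(&m, pending) : -1;
}

int main(void)
{
    const char *settings[] = { "10", "10:30:100" };  /* constructed samples */
    int pending[] = { 5, 10, 55, 100 };
    for (int i = 0; i < 2; i++)
        for (int j = 0; j < 4; j++)
            printf("MaxStartups %-9s pending=%3d -> drop %3d%%\n", settings[i],
                   pending[j], drop_percent_for(settings[i], pending[j]));
    return 0;
}
```

With a single-number setting every connection past the cap is refused, so a small number of stalled unauthenticated sessions is enough to lock out real logins; the three-part form degrades gradually instead.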