[tech] hydra
James Andrewartha
trs80 at ucc.gu.uwa.edu.au
Sat Sep 1 21:10:18 WST 2001
On Sat, 1 Sep 2001, Adrian Chadd wrote:
> On Sat, Sep 01, 2001, James Andrewartha wrote:
> > Oh ok. There a dump of the current set and the set dunc saved at the time
> > of Bryden's DoS, in ~trs80/ip_conntrack-2001-09-01-1826 and
> > ~trs80/ip_conntrack-DNS-DoS respectively.
>
> Right. Is it happening again?
> Grr, you'd think that Linux would just time out 'older' connections
> to deal with a DoS or some broken resolver like what happened.
> Oh well. :-)
morwong:~> wc -l ip_conntrack-*
80 ip_conntrack-2001-09-01-1826
7138 ip_conntrack-DNS-DoS
It's not happening again, /proc/net/ip_conntrack is just a list of the
currently tracked connections. It varies depending on how much people are
using the network. As for preventing it from happening again, there's a
fine line between a DoS and an heavily loaded server. Presumably if you
were normally dealing with a lot of connections you'd have a beefier
router, but once you reach the limit perhaps the timeout on existing
connections could be reduced or something.
--
"There's nobody getting rich | TRS-80 UCC Treasurer
writing software that I | Email: trs80(a)ucc.gu.uwa.edu.au
know of" - Bill Gates, 1980 | Web: http://trs80.ucc.asn.au/
More information about the tech
mailing list