Re: [389-users] Safeguarding against to many established connections

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

On 10/19/2010 12:11 PM, Gerrard Geldenhuis wrote:
> Hi
> We have recently seen an issue were a single client opened up more than 800 established connections to our directory server. The client did have the proper settings configured and should have closed connections but it did'nt. Is there a way to limit the amount of connections per client or close connections from the server side after a certain period? Without just making the amount of connections ridicuosly high on the directory server how can you safeguard against rogue clients.
> Our client setting is as follows:
> idle_timelimit                  5
> timelimit                       10
> bind_timelimit                  5
> We were unable to log into client and it had file system issues so we could not do any further analyses there.
> I suspect that solutions to this problem probably falls outside of what can be configured in 389?

While it's not a 389-specific suggestion, iptables could easily solve 
this problem for you across the board. :)

Daniel Maher <dma + 389users AT witbe DOT net>
389 users mailing list

[Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Home]     [Fedora Tools]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Red Hat 9 Bible]     [Red Hat 9]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

Add to Google