Summary: TCP question

Ju-Lien Lim (julienlim@rocketmail.com)
Wed, 15 Oct 1997 17:58:00 -0700 (PDT)

My thanks to the following people for their assistance in answering my
question:
Glenn Satchell - Glenn.Satchell@uniq.com.au
chiem@azc.com
Swee-Chuan Khoo - sckhoo@asiapac.net
Benjamin Cline - benji@hnt.com

-------------
Question:
-------------
I'm looking for a way to find out the total number of open TCP/IP
connections that my Solaris 2.5.1 system is set up for. I checked
/etc/init.d/inetinit and did not see anything customized for it, and I
know the default is 5. How do I see what it's currently set to, i.e.
what file should I check? I know I can use lsof and
especially ntop (available at
ftp://coombs.anu.edu.au/pub/net/ident/ntop1.18.tar.Z for those of you
who asked!!!) to find out; however, I was wondering if anyone can tell
me where I can get the ntop package for it (I've managed to get the
source for it but am unable to compile it just yet). Up to a few
patches before the latest set for 2.5.1, the following

/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max 1024

in the file /etc/init.d/inetinit

worked in preventing denial of service attacks. Now, ndd doesn't take
the tcp_conn_req_max anymore and complains about it. Does anyone know
what the parameter is to increase the TCP listening queue?

------------
Solution:
------------
Patch 103582-11 is the reason for this.

The old parameter setting didn't really prevent denial of service
attacks, it made them more difficult.

After the new patch, the denial of service fix is in the TCP code; the
two new tunables are
tcp_conn_req_max_q
tcp_conn_req_max_q0

which is a split of the old one.

tcp_conn_req_max_q is a queue of established connections (which have
successfully completed the 3-way handshake; this queue can overflow
only if your server is slow). The value for this is 128, and you need
not worry about increasing it.

tcp_conn_req_max_q0 is a queue that handles connections for which only
the initial SYN has been received; if it overflows, old entries in the
queue are dropped, so possibly valid connections will still get
through. The default is 1024, and you don't really need to tune it
anymore.

ndd /dev/tcp tcp_conn_req_max_q
ndd /dev/tcp tcp_conn_req_max_q0

Thank you all.

Ju
julienlim@rocketmail.com

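The two-queue backlog described in the solution, modelled as an added example. This is not code from the original post and not the Solaris kernel code: it is a small simulation of the behaviour the summary describes. The eviction rule for the half-open queue (oldest entry dropped on overflow) and the sizes 5, 1024 and 128 come from the post; the rule that a new entry is dropped when the established queue is full is an assumption, since the post does not say what happens then. The peer names and the flood scenarios are constructed.

```python
"""Simplified model of the split TCP listen backlog (q0 / q) from the
summary above. Added example, not the original post's code and not a
reproduction of the Solaris implementation; assumptions are marked."""
from collections import OrderedDict


class ListenSocket:
    """A listening socket with the two backlog queues.

    q0 - half-open entries (SYN received, SYN/ACK sent, final ACK not yet
         seen); bounded by tcp_conn_req_max_q0. On overflow the OLDEST
         entry is evicted, as the summary states, so a flood of spoofed
         SYNs that never complete cannot permanently wedge the queue.
    q  - fully established connections waiting for accept(); bounded by
         tcp_conn_req_max_q. It overflows only if the application calls
         accept() too slowly. Assumption (not in the post): on overflow
         the newly completed connection is dropped.
    """

    def __init__(self, max_q0=1024, max_q=128):
        self.max_q0 = max_q0
        self.max_q = max_q
        self.q0 = OrderedDict()   # peer -> True; insertion order = age
        self.q = []               # established, FIFO for accept()
        self.evicted = 0          # half-open entries evicted from q0
        self.q_overflow = 0       # completed handshakes dropped from q

    def on_syn(self, peer):
        """Handshake step 1: record a half-open entry in q0."""
        if peer in self.q0:
            return                          # retransmitted SYN, no change
        if len(self.q0) >= self.max_q0:
            self.q0.popitem(last=False)     # evict the oldest half-open entry
            self.evicted += 1
        self.q0[peer] = True

    def on_ack(self, peer):
        """Handshake step 3: promote q0 entry to q.
        Returns True if the connection now waits in q for accept()."""
        if peer not in self.q0:
            return False                    # evicted (or never seen); client fails
        del self.q0[peer]
        if len(self.q) >= self.max_q:
            self.q_overflow += 1            # assumption: new entry dropped
            return False
        self.q.append(peer)
        return True

    def accept(self):
        """Hand the oldest established connection to the application."""
        return self.q.pop(0) if self.q else None


def syn_flood_then_legit(max_q0, flood_between):
    """Constructed scenario: one legitimate client sends its SYN, then
    `flood_between` spoofed SYNs (never ACKed) arrive before the client's
    ACK does. Returns True if the legitimate handshake completes."""
    sock = ListenSocket(max_q0=max_q0)
    sock.on_syn("legit")
    for i in range(flood_between):
        sock.on_syn(f"spoofed-{i}")        # spoofed sources never send an ACK
    return sock.on_ack("legit") and sock.accept() == "legit"


def slow_server(max_q, clients):
    """Constructed scenario for the established queue: `clients` real
    clients complete their handshakes before the application calls
    accept() even once. Returns (queued, dropped_for_q_overflow)."""
    sock = ListenSocket(max_q=max_q)
    queued = 0
    for i in range(clients):
        peer = f"client-{i}"
        sock.on_syn(peer)
        if sock.on_ack(peer):
            queued += 1
    return queued, sock.q_overflow


if __name__ == "__main__":
    # Old default of 5 from the question vs. the post-patch q0 of 1024.
    print("q0=5,    10 spoofed SYNs in flight:", syn_flood_then_legit(5, 10))
    print("q0=1024, 10 spoofed SYNs in flight:", syn_flood_then_legit(1024, 10))
    print("q0=1024, 1024 spoofed SYNs in flight:", syn_flood_then_legit(1024, 1024))
    print("q=128, 200 clients, no accept():", slow_server(128, 200))
```

With the old default of 5 a handful of spoofed SYNs arriving between a real client's SYN and its ACK is enough to evict the real entry; with q0 at 1024 an attacker has to keep more than a thousand half-open entries arriving inside that round-trip window. The second scenario shows why tcp_conn_req_max_q is the one that matters only for a slow server: it fills only when completed handshakes outpace accept().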