Summary: TCP question

From: Ju-Lien Lim (julienlim@rocketmail.com)
Date: Wed Oct 15 1997 - 19:58:00 CDT


My thanks to the following people for their assistance in answering my
question:
     Glenn Satchell - Glenn.Satchell@uniq.com.au
     chiem@azc.com
     Swee-Chuan Khoo - sckhoo@asiapac.net
     Benjamin Cline - benji@hnt.com

-------------
Question:
-------------
I'm looking for a way to find out the total number of open TCP/IP
connections that my Solaris 2.5.1 system is set up for. I checked
/etc/init.d/inetinit and did not see anything customized for it, and I
know the default is 5. How do I see what it's currently set to, i.e.
what file should I check? I know I can use lsof and
especially ntop (available at
ftp://coombs.anu.edu.au/pub/net/ident/ntop1.18.tar.Z for those of you
who asked!!!) to find out; however, I was wondering if anyone can tell
me where I can get the ntop package for it (I've managed to get the
source for it but am unable to compile it just yet). Up to a few
patches before the latest set for 2.5.1, the following

        /usr/sbin/ndd -set /dev/tcp tcp_conn_req_max 1024

in the file /etc/init.d/inetinit

worked in preventing denial of service attacks. Now, ndd doesn't take
the tcp_conn_req_max anymore and complains about it. Does anyone know
what the parameter is to increase the TCP listening queue?
  
------------
Solution:
------------
Patch 103582-11 is the reason for this.

The old parameter setting didn't really prevent denial of service
attacks; it made them more difficult.

After the new patch, the denial of service fix is in the TCP code; the
two new tunables are
        tcp_conn_req_max_q
        tcp_conn_req_max_q0

which is a split of the old one.

tcp_conn_req_max_q is a queue of established connections (which
successfully completed the 3-way handshake; this queue can overflow
only if your server is slow). The value for this is 128, and you need
not worry about increasing it.

tcp_conn_req_max_q0 is a queue that handles connections of which only
the initial SYN was received; if it overflows, old entries in the
queue are dropped, so possibly valid connections will still get
through. The default is 1024, and you don't really need to tune it
anymore.

ndd /dev/tcp tcp_conn_req_max_q
ndd /dev/tcp tcp_conn_req_max_q0

Thank you all.

    Ju
    julienlim@rocketmail.com
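To make the queue behaviour from the solution above concrete, here is an added Python model (not from the post, not Solaris code) of the split listen backlog: tcp_conn_req_max_q0 holding half-open connections with oldest-first eviction and tcp_conn_req_max_q holding established ones, using the 1024/128 defaults quoted in the summary. The client names, the flood scenario and the drop_oldest=False contrast (a hypothetical backlog that just refuses new SYNs when full) are constructed for illustration.

```python
from collections import deque


class ListenQueues:
    """Toy model of the split listen backlog described above (not Solaris code):
    q0 holds half-open connections (SYN received, handshake incomplete), q holds
    established connections awaiting accept(). Defaults are the Solaris 2.5.1
    values quoted in the summary: q0 = 1024, q = 128.
    """

    def __init__(self, max_q0=1024, max_q=128, drop_oldest=True):
        self.max_q0, self.max_q = max_q0, max_q
        # drop_oldest=False models a hypothetical backlog that simply refuses
        # new SYNs once full, for contrast with the oldest-first eviction.
        self.drop_oldest = drop_oldest
        self.q0, self.q = deque(), deque()  # oldest entries at the left
        self.dropped_half_open = 0
        self.refused_syn = 0

    def syn(self, client):
        """SYN arrives: enter q0, evicting the oldest half-open entry if full."""
        if len(self.q0) >= self.max_q0:
            if not self.drop_oldest:
                self.refused_syn += 1
                return False
            self.q0.popleft()
            self.dropped_half_open += 1
        self.q0.append(client)
        return True

    def ack(self, client):
        """Final ACK of the 3-way handshake: move the entry from q0 to q.
        Returns False if the entry was evicted earlier or q is full."""
        if client not in self.q0 or len(self.q) >= self.max_q:
            return False
        self.q0.remove(client)
        self.q.append(client)
        return True


def flood_then_legit(n_bogus, drop_oldest=True):
    """Constructed scenario: n_bogus half-open SYNs that never complete the
    handshake, then one legitimate client that does. Returns whether the
    legitimate client was established and how many q0 entries were evicted."""
    lq = ListenQueues(drop_oldest=drop_oldest)
    for i in range(n_bogus):
        lq.syn(f"bogus-{i}")  # constructed client ids, no real traffic
    lq.syn("legit")
    return lq.ack("legit"), lq.dropped_half_open
```

With oldest-first eviction the legitimate client still completes the handshake after thousands of stale half-open entries; with plain refusal it is turned away once q0 fills.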
