Linux Community's Journal

Saturday, June 8th, 2002

I would like to use a domain I own to refer to my home Linux box; however, I don't have a static IP address. Is there any way this can be done?

I ran across an interesting problem, which I have not seen crash or kernel panic an OpenBSD box, but have seen on a FreeBSD box (this is cross-posted in openbsd/freebsd/linux).

Keepidle, the default based on the RFC, is 7200, or 2 hours. This means that once a TCP connection is established, if after 2 hours no data has been sent, it starts sending keepalive packets, up to 8 using the keepintvl of 75 seconds, meaning this is another 20 min or so. So essentially a TCP connection is kept open 2 hours and 20 min after it is established. The problem is you can create a DoS by creating connections until you exhaust the 65535 ports; against a FreeBSD 4.4 system, this is an attack that can be run across the net and not just on a local network. Even tested on a local network I was unable to flood an OpenBSD box to DoS. This isn't to say OpenBSD is invincible; I think a little more time and effort would result in the ability to DoS it as well.

net.inet.tcp.keepinittime = 150
net.inet.tcp.keepidle = 7200
net.inet.tcp.keepintvl = 75

In Linux you may find these same values under /proc/sys/net/ipv4: tcp_keepalive_intvl and tcp_keepalive_time.

I have not tried this against a Linux system but would assume that it would result in the same problem.

Also, I have seen some systems that make the timeout 120 seconds, 2 min, instead of 20; this would substantially help out the system, as the FreeBSD system took about 15 min to deplete the available ports and finally crash. I am not aware of the consequences of lowering this number to a level such as 2 min. Also, all of this was observed on systems not firewalled: a FreeBSD system over the net, and an OpenBSD over an internal network (which did not crash). Firewalling would help decrease this problem as well.

Anyone with more information, or who can verify this to be a problem on any other systems, or with thoughts towards the proper settings of the keepalive flags, please let me know.
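The post above reasons about how long a connection to a vanished peer survives under the quoted keepalive sysctls, and mentions that some systems shorten the idle timer. The following Python is an added example, not code from the post or from any of the systems it names: it computes that worst-case lifetime as idle wait plus probe count times probe interval (the probe count of 8 is the figure the post gives), flags settings that exceed a chosen budget, and shows the per-socket alternative a daemon can use on Linux (SO_KEEPALIVE with TCP_KEEPIDLE/TCP_KEEPINTVL/TCP_KEEPCNT) to reap idle clients without touching the system-wide values. The sample settings dictionary and the 600-second budget are constructed for the example.

```python
import socket

# Constructed sample mirroring the sysctl values quoted in the post (seconds),
# plus the probe count of 8 the post mentions (tcp_keepalive_probes on Linux).
SAMPLE_SETTINGS = {"keepidle": 7200, "keepintvl": 75, "keepcnt": 8}


def dead_peer_lifetime(keepidle, keepintvl, keepcnt):
    """Seconds an established connection to a peer that has silently gone away
    survives: the idle wait, then keepcnt unanswered probes sent keepintvl apart."""
    return keepidle + keepintvl * keepcnt


def audit(settings, max_lifetime=600):
    """Return (lifetime, ok). ok is False when the worst-case lifetime exceeds
    max_lifetime, i.e. dead connections hold their port for longer than the budget."""
    lifetime = dead_peer_lifetime(
        settings["keepidle"], settings["keepintvl"], settings["keepcnt"]
    )
    return lifetime, lifetime <= max_lifetime


def harden_listener(sock, idle=120, interval=15, count=4):
    """Enable keepalive on a listening socket and, where the platform exposes
    per-socket timers (Linux names used here), shorten them so sockets accepted
    from this listener inherit the tighter values. Returns what the kernel reports."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    applied = {
        "SO_KEEPALIVE": sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0
    }
    for name, value in (
        ("TCP_KEEPIDLE", idle),
        ("TCP_KEEPINTVL", interval),
        ("TCP_KEEPCNT", count),
    ):
        opt = getattr(socket, name, None)  # absent on platforms without these knobs
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, value)
            applied[name] = sock.getsockopt(socket.IPPROTO_TCP, opt)
    return applied


def demo_listener():
    """Create a throwaway loopback listener, harden it, and return the read-back values."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))  # ephemeral port, loopback only
        srv.listen(1)
        return harden_listener(srv)


if __name__ == "__main__":
    lifetime, ok = audit(SAMPLE_SETTINGS)
    print(f"worst-case dead-peer lifetime: {lifetime}s  within budget: {ok}")
    print("per-socket settings applied:", demo_listener())
```

With the quoted defaults the audit reports 7800 seconds (2 h 10 min) and fails the 600-second budget; the per-socket values in the listener give 120 + 15 * 4 = 180 seconds for that daemon alone, leaving the system-wide sysctls untouched.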
Here's an interesting one for the assembled Linux users ...

My colo server has 7 IPs bound to it (eth0 and then eth0:1-6). I know that daemons can bind to specific IPs and specific ports (i.e. I have two instances of qmail running, one listening on .140 port 25 and the other listening on .141 port 25), but is it possible for me to have a program that specifies what IP a program launched by it will communicate *out* on?

For example: When I run ircii, it binds to the IP on eth0 (.140). What I would like to be able to do is, say, this: $ bindip ircii [params] ... Launched in this way, ircii would see .142 as the "default" IP and use it as its source in communicating outbound to other hosts.

Is this doable? Does it make sense?
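The question above asks whether a program can be made to communicate out from a chosen one of the host's addresses. The mechanism a program uses for that is the same bind() call daemons use for listening, issued on the outbound socket before connect(): bind to the wanted local address with port 0 and the kernel keeps that address while choosing an ephemeral port. The Python below is an added example, not code from the post or from ircii; it opens a connection that way against a loopback listener and returns the client address the server actually sees, so the source selection can be checked end to end. The loopback addresses and ports are constructed for the example.

```python
import socket


def connect_from(src_ip, dst_host, dst_port):
    """Open an outbound TCP connection whose source address is src_ip.
    Binding to (src_ip, 0) before connect() fixes the local address and lets the
    kernel pick the ephemeral port; src_ip must be configured on this host."""
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.bind((src_ip, 0))
    cli.connect((dst_host, dst_port))
    return cli


def peer_seen_by_server(src_ip, server_ip="127.0.0.1"):
    """Start a loopback listener, connect to it from src_ip, and return the
    client address the server observes on accept()."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind((server_ip, 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        cli = connect_from(src_ip, server_ip, port)
        try:
            conn, addr = srv.accept()  # handshake already completed by the kernel
            conn.close()
        finally:
            cli.close()
    return addr[0]


if __name__ == "__main__":
    # On Linux the whole 127/8 block is local, so 127.0.0.2 is a distinct loopback
    # source; fall back to 127.0.0.1 where that is not the case.
    for src in ("127.0.0.2", "127.0.0.1"):
        try:
            print(f"bound {src}, server saw {peer_seen_by_server(src)}")
            break
        except OSError as err:
            print(f"{src} not usable here: {err}")
```

For a wrapper of the kind the post imagines, the same bind-before-connect step would have to be applied to every outbound socket the child process opens; this example only shows the per-socket mechanism.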
