On Wed, Jul 05, 2006 at 07:54:01AM -0400, linux-os (Dick Johnson) wrote:
> >> running since 8:42pm yesterday. It's 8:37am now. It hasn't progressed
> >> in any way. It hasn't quit. It hasn't timed out. It just sits there,
> >> hung. This leads me to consider the possibility of a DOS, either
> >> intentional or accidental (think about 2.6.17.x running on a mail server
> >> and someone mails/spams from a broken place).
>
> TCP/IP connections can continue forever. That's one of the reasons why
> Berkeley sockets has SO_KEEPALIVE for a socket option. In the absence
> of such an option, the physical connection can be broken for a week,
> reconnected, then the session can continue.
D'oh. I knew that. Sigh. It's one of the things I like about having a
static ip on a bad connection. :)
> In your case, you probably have a real error in which one end of the
> connection crashed. However, until the other end shuts down that
Well not so much crashed but became unreachable due to the wsize thing.
> socket, the connection is logically correct and should not be
> forcefully terminated.
It'll never terminate right now unless I hit ^c.
> A DOS is unlikely because with no data being transferred, little
Not all DOS' are transfer based. Just anything that uses up resources to
the point where a service is no longer able to be performed.
> non-swapable resources are used. You can control the maximum number
> of connections allowed from a host with your firewall software
> (like iptables).
After the fact really. In this case one can send mail to a box and make
it bounce to someplace behind a wsize broken network. Resources taken up
that wont return until someone spots what's wrong. You could make your
own wsize broken network, connect to someplace a few times and then move
on whilst their end hangs around, waiting for the connections to do
somthing.
In my test case I am wondering if there was/is a web process hanging
about doing nothing other then waiting for my end to do something.
--
"To the extent that we overreact, we proffer the terrorists the
greatest tribute."
- High Court Judge Michael Kirby
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
