________________________________________
From: 389-users-bounces(a)lists.fedoraproject.org [389-users-bounces(a)lists.fedoraproject.org] on behalf of Daniel Maher [dma+389users(a)witbe.net]
Sent: 19 October 2010 11:16
To: 389-users(a)lists.fedoraproject.org
Subject: Re: [389-users] Safeguarding against to many established connections
On 10/19/2010 12:11 PM, Gerrard Geldenhuis wrote:
> Hi
> We have recently seen an issue where a single client opened up more than 800 established connections to our directory server. The client did have the proper settings configured and should have closed connections but it didn't. Is there a way to limit the amount of connections per client or close connections from the server side after a certain period? Without just making the amount of connections ridiculously high on the directory server, how can you safeguard against rogue clients?
>
> Our client setting is as follows:
> idle_timelimit 5
> timelimit 10
> bind_timelimit 5
>
> We were unable to log into client and it had file system issues so we could not do any further analysis there.
>
> I suspect that solutions to this problem probably fall outside of what can be configured in 389?
While it's not a 389-specific suggestion, iptables could easily solve
this problem for you across the board. :)
I would be keen on such a solution but from a company point of view it is "non-standard" so I would need to do a bit of convincing and/or arm twisting.
Regards
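
Added example, not part of the original thread: a sketch of the iptables approach suggested above, pairing a per-source connection cap (the `connlimit` match) with a check that lists clients already holding too many established connections. The port (389), the limits, and the sample `ss` lines are assumptions constructed for illustration; the rule is only printed, not applied.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed values: LDAP on TCP 389,
# cap of 50 connections per source address.

# Print an iptables rule that resets new connections (SYN) to port $1 from
# any single source address already holding more than $2 connections.
connlimit_rule() {
    printf 'iptables -A INPUT -p tcp --syn --dport %s -m connlimit --connlimit-above %s --connlimit-mask 32 -j REJECT --reject-with tcp-reset\n' "$1" "$2"
}

# Read "ss -Htn state established" style lines on stdin (last two fields are
# local addr:port and peer addr:port) and print "count peer" for every peer
# with more than $2 connections to local port $1, busiest first.
clients_over_limit() {
    awk -v port="$1" -v limit="$2" '
        NF >= 2 {
            laddr = $(NF-1); peer = $NF
            if (laddr !~ (":" port "$")) next   # other listeners are ignored
            sub(/:[0-9]+$/, "", peer)           # drop the ephemeral port
            count[peer]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit) print count[ip], ip
        }' | sort -rn
}

# Constructed sample input (documentation address ranges), not real data.
sample_ss_output() {
    cat <<'EOF'
0 0 192.0.2.10:389 198.51.100.7:40001
0 0 192.0.2.10:389 198.51.100.7:40002
0 0 192.0.2.10:389 198.51.100.7:40003
0 0 192.0.2.10:389 198.51.100.7:40004
0 0 192.0.2.10:389 198.51.100.8:51000
0 0 192.0.2.10:389 198.51.100.8:51001
0 0 192.0.2.10:22 198.51.100.7:40100
EOF
}

connlimit_rule 389 50                        # rule to review before applying
sample_ss_output | clients_over_limit 389 3  # demo threshold of 3
```

On a live server the second function would be fed from `ss -Htn state established` instead of the sample.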