Apache and 408s
Peter Barker
pbarker at barker.dropbear.id.au
Mon Sep 17 17:24:36 EST 2001
On Mon, 17 Sep 2001, Matthew Hawkins wrote:
> On Mon, 17 Sep 2001, Peter Barker wrote:
> > Anybody have any clues what it is? Seems rather odd for a
> > portscan, since they should probably disconnect after scanning the port,
> > and not time out.
>
> Not for a TCP SYN scan. You send the SYN, and never ACK the reply. The
> server sits there with an open socket till timeout. This is why it's
> important in server applications to include the concept of a timeout
> because you don't want to leave yourself wide open for a fd DoS attack.

The connection is not accepted until the third part (ACK) of the handshake
is received. It would never reach Apache if it was a SYN scan.

Yours,
--
Peter Barker | N _--_|\ /---- Barham, Vic
Programmer,Sysadmin,Geek | W + E / /\
pbarker at barker.dropbear.id.au | S \_,--?_*<-- Canberra
You need a bigger hammer. | v [35S, 149E]
"When used legally and in its intended fashion, the Acrobat eBook Reader
secures eBooks purchased by locking the eBook to the hardware from which
it was purchased." -- Adobe press release
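
The behaviour described in the reply above, as an added example that is not part of the original message: a client that completes the three-way handshake and then stays silent is handed to the server by accept() and ends in a 408, while a SYN-only probe stays in the kernel and never reaches accept(). The toy server, the function names and the 0.5 s timeout are assumptions for illustration (this is not Apache's code), and the half-open case is only described in a comment because producing it needs raw sockets.

```python
import socket
import threading

REQUEST_TIMEOUT = 0.5  # constructed value; a real server's timeout is configurable


def serve_one(listener, result):
    """Accept one connection and answer 408 if no request arrives in time."""
    # accept() only returns connections whose three-way handshake completed.
    # A half-open (SYN-only) connection is held by the kernel and never
    # surfaces here, so the application cannot log anything for it.
    conn, _ = listener.accept()
    with conn:
        conn.settimeout(REQUEST_TIMEOUT)
        try:
            data = conn.recv(4096)
        except socket.timeout:
            # Fully connected client that never sent a request line.
            result["timed_out"] = True
            conn.sendall(b"HTTP/1.0 408 Request Timeout\r\nConnection: close\r\n\r\n")
            return
        if data:
            conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")


def idle_client_status():
    """Connect fully, send nothing, return (status line, server timed out?)."""
    result = {"timed_out": False}
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))  # loopback, ephemeral port
        listener.listen(1)
        worker = threading.Thread(target=serve_one, args=(listener, result))
        worker.start()
        with socket.create_connection(listener.getsockname(), timeout=5) as client:
            # connect() has returned: SYN, SYN/ACK and ACK are done. Stay silent.
            reply = client.recv(4096)
        worker.join()
    return reply.split(b"\r\n")[0].decode(), result["timed_out"]


if __name__ == "__main__":
    print(idle_client_status())
```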