Apache and 408s

Peter Barker pbarker at barker.dropbear.id.au
Mon Sep 17 17:24:36 EST 2001

On Mon, 17 Sep 2001, Matthew Hawkins wrote:

> On Mon, 17 Sep 2001, Peter Barker wrote:
> > 	Anybody have any clues what it is? Seems rather odd for a
> > portscan, since they should probably disconnect after scanning the port,
> > and not time out.
> Not for a TCP SYN scan.  You send the SYN, and never ACK the reply.  The
> server sits there with an open socket till timeout.  This is why its
> important in server applications to include the concept of a timeout
> because you don't want to leave yourself wide open for a fd DoS attack.

The connection is not accepted until the third-part (ack) of the handshake
is received. It would never reach apache if it was a syn-scan.

Peter Barker                          |   N    _--_|\ /---- Barham, Vic 
Programmer,Sysadmin,Geek              | W + E /     /\                
pbarker at barker.dropbear.id.au         |   S   \_,--?_*<-- Canberra      
You need a bigger hammer.             |             v    [35S, 149E]   
"When used legally and in its intended fashion, the Acrobat eBook Reader
 secures eBooks purchased by locking the eBook to the hardware from which
 it was purchased." -- Adobe press release

More information about the linux mailing list