Apache and 408s
Martijn van Oosterhout
kleptog at svana.org
Mon Sep 17 17:37:48 EST 2001
On Mon, Sep 17, 2001 at 05:18:50PM +1000, Matthew Hawkins wrote:
> On Mon, 17 Sep 2001, Peter Barker wrote:
> > Anybody have any clues what it is? Seems rather odd for a
> > portscan, since they should probably disconnect after scanning the port,
> > and not time out.
>
> Not for a TCP SYN scan. You send the SYN, and never ACK the reply. The
> server sits there with an open socket till timeout. This is why it's
> important in server applications to include the concept of a timeout
> because you don't want to leave yourself wide open for a fd DoS attack.
Surely the application never gets notified unless the server receives the
ACK. So they would have to ACK the SYN-ACK and then go away, which seems
strange for a port scanner.
--
Martijn van Oosterhout <kleptog at svana.org>
http://svana.org/kleptog/
> Magnetism, electricity and motion are like a three-for-two special offer:
> if you have two of them, the third one comes free.
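
The point made in the reply above, as an added example that is not part of the original thread and is not Apache's code: a toy loopback server whose `accept()` only ever sees connections that completed the three-way handshake, and which records a 408 when such a connection then sends no request. The names `serve_once` and `run_demo` and the 0.5 second `REQUEST_TIMEOUT` are assumptions made for the demo.

```python
import socket
import threading

REQUEST_TIMEOUT = 0.5  # assumed demo value; real servers use tens of seconds


def serve_once(listener, results):
    """Accept one connection and apply a read timeout to the request."""
    # accept() returns only for connections whose three-way handshake has
    # completed; a SYN that is never followed by an ACK stays in the kernel.
    conn, _peer = listener.accept()
    with conn:
        conn.settimeout(REQUEST_TIMEOUT)
        try:
            data = conn.recv(4096)
        except socket.timeout:
            data = None
        if data is None:
            status = 408  # handshake done, no request before the timeout
            conn.sendall(b"HTTP/1.0 408 Request Timeout\r\n\r\n")
        elif not data:
            status = 0  # peer closed without sending anything
        else:
            status = 200
            conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")
    results.append(status)


def run_demo(send_request):
    """Return the status the toy server records for one client connection."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # loopback only, ephemeral port
    listener.listen(1)
    results = []
    worker = threading.Thread(target=serve_once, args=(listener, results))
    worker.start()
    client = socket.create_connection(listener.getsockname())
    if send_request:
        client.sendall(b"GET / HTTP/1.0\r\n\r\n")
    worker.join()  # idle client: server waits out REQUEST_TIMEOUT
    client.close()
    listener.close()
    return results[0]


if __name__ == "__main__":
    print("idle client   ->", run_demo(send_request=False))
    print("normal client ->", run_demo(send_request=True))
```
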