Re: mystery NCSA httpd problems on gnn.com

Robert S. Thau (rst@ai.mit.edu)
Tue, 31 Jan 1995 19:52:07 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Kurt Foss: "Re: GIF vs JPEG"
Previous message: Kee Hinckley: "Re: GIF vs JPEG"
Maybe in reply to: John Labovitz: "mystery NCSA httpd problems on gnn.com"
Next in thread: Robert S. Thau: "Re: mystery NCSA httpd problems on gnn.com"

Date: Tue, 31 Jan 1995 15:43:07 +0100
Reply-To: dmk@allegra.att.com
Precedence: bulk
From: dmk@allegra.att.com (Dave Kristol)
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
X-Comment: To sign off, send mail to listproc@info.cern.ch with body DEL WWW-TALK

Rob McCool said:
> ... the queue is used both for connections that are ready to be
> accepted as well as for half-negotiated connections. The latter can
> fill the queue, starving any new connections from being negotiated.

This sounds like a very interesting hypothesis. Suppose all the
pending connections were half-negotiated. The queue might be full, so
the server (actually, the OS) would reject new connections, but there
would be no completed connections to process.

This matches what we see... and, incidentally, if true, it makes for a
fairly neat denial-of-service attack against Unix-based TCP servers.
(If Mallet wants to disable rlogin and telnet on a machine he's in the
process of subverting, he just has to make his machine,
badguy.mallet.com, deliberately initiate five connections on those
ports and fail to complete the handshake).

Things that make you go hmmm...

rst

Next message: Kurt Foss: "Re: GIF vs JPEG"
Previous message: Kee Hinckley: "Re: GIF vs JPEG"
Maybe in reply to: John Labovitz: "mystery NCSA httpd problems on gnn.com"
Next in thread: Robert S. Thau: "Re: mystery NCSA httpd problems on gnn.com"