Re: possible dos / wsize affected frozen connection length (was: Re: 2.6.17.1: fails to fully get webpage)

[linux-os \(Dick Johnson\)]

On Tue, 4 Jul 2006, CaT wrote:

> On Fri, Jun 30, 2006 at 08:50:39AM +1000, CaT wrote:
>> Another datapoint to this is that I've had this my netcat web test
>> running since 8:42pm yesterday. It's 8:37am now. It hasn't progressed
>> in any way. It hasn't quit. It hasn't timed out. It just sits there,
>> hung. This leads me to consider the possibility of a DOS, either
>> intentional or accidental (think about 2.6.17.x running on a mail server
>> and someone mails/spams from a broken place).
>
> I'm just wondering if connections hanging around this long are normal.
> The above has now been running for 6 days. netstat is still reporting an
> established session. netcat has not timed out. It's all just sitting
> there doing nothing.
>
> --

>    "To the extent that we overreact, we proffer the terrorists the
>    greatest tribute."
>       - High Court Judge Michael Kirby

TCP/IP connections can continue forever. That's one of the reasons why
Berkeley sockets has SO_KEEPALIVE for a socket option. In the absence
of such an option, the physical connection can be broken for a week,
reconnected, then the session can continue.

In your case, you probably have a real error in which one end of the
connection crashed. However, until the other end shuts down that
socket, the connection is logically correct and should not be
forcefully terminated.

A DOS is unlikely because with no data being transferred, little
non-swapable resources are used. You can control the maximum number
of connections allowed from a host with your firewall software
(like iptables).

Cheers,
Dick Johnson
Penguin : Linux version 2.6.16.4 on an i686 machine (5592.86 BogoMips).
New book: http://www.AbominableFirebug.com/
_


****************************************************************
The information transmitted in this message is confidential and may be 
privileged.  Any review, retransmission, dissemination, or other use of this 
information by persons or entities other than the intended recipient is 
prohibited.  If you are not the intended recipient, please notify Analogic 
Corporation immediately - by replying to this message or by sending an email to 
[EMAIL PROTECTED] - and destroy all copies of this information, including any 
attachments, without reading or disclosing them.

Thank you.
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html