At 01:27 23/02/99 -0500, Justin M. Streiner wrote:
>On Tue, 23 Feb 1999, Mark Delany wrote:
>
>> At 05:31 23/02/99 -0000, you wrote:
>> >On http://lwn.net/daily/ptable.html is a description of denial of
>> >service process table attacks. Am I correct that tcpserver limits
>> >fork() calls to a specified number, and therefore alleviates the
>> >situation?
>> 
>> Correct. As long as you run all of your services via tcpserver.
>
>Too bad similar protection isn't currently available for udp and RPC
>services :-)

In the context of DoS attacks which exhaust the process table, it's much
less common for a UDP service to invoke a new process for the obvious 
reasons to do with the difficulty of demuxing the inbound packet stream.

Similarly, most RPC services seem to be handled within a single process or 
process pool.


Regards.
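
The fork() cap discussed in this thread, as an added C sketch that is not part of the original message and is not tcpserver's source. It shows the general technique for a fork-per-connection server: count live children and stop accepting at the limit. The function name `serve_capped` and the loop-counter stand-in for accepted connections are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Serve `conns` simulated connections with at most `limit` live children.
 * Returns the peak number of simultaneous children, or -1 on error.
 * Each loop iteration stands in for one accept() on a listening socket. */
int serve_capped(int conns, int limit)
{
    int live = 0, peak = 0, rc = 0;

    for (int i = 0; i < conns && rc == 0; i++) {
        /* At the cap: stop accepting and block until a child exits.
         * Waiting clients sit in the listen backlog instead of each
         * consuming a process-table slot. */
        while (live >= limit) {
            if (waitpid(-1, NULL, 0) < 0) {
                rc = -1;            /* e.g. limit <= 0: nothing to wait for */
                break;
            }
            live--;
        }
        if (rc != 0)
            break;

        pid_t pid = fork();
        if (pid < 0) {
            rc = -1;                /* table already full: stop, do not spin */
        } else if (pid == 0) {
            _exit(0);               /* child: a real server handles the client here */
        } else {
            live++;
            if (live > peak)
                peak = live;
        }
    }

    /* Reap whatever is still running so no zombies hold slots. */
    while (live > 0 && waitpid(-1, NULL, 0) > 0)
        live--;

    return rc == 0 ? peak : -1;
}

int main(void)
{
    printf("peak children: %d\n", serve_capped(12, 4));
    return 0;
}
```

A production server would also reap children on SIGCHLD so that slots free up while it is idle; this sketch reaps only at the cap to keep the peak count deterministic.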
