To limit denial-of-service (DOS) attacks on UNIX, Linux, and Windows platforms, Dynamic Server has multiple listener threads (listen_authenticate). These threads authenticate client requests, while the main listener thread only accepts the incoming requests and forks new threads for authentication. (Prior to Dynamic Server Version 10.00.xc3, this feature was only supported on UNIX and Linux platforms.)
You can use the MAX_INCOMPLETE_CONNECTIONS configuration parameter to configure the number of threads authenticating at any point in time.
You can use the LISTEN_TIMEOUT configuration parameter to configure the timeout value for incomplete connections.
DOS attacks can occur when external mechanisms such as Telnet are used to connect to the port reserved for a database server. For example, suppose you use Telnet to connect to the port reserved for a database server service but do not send any data, and a separate session then attempts to connect to the server through an application such as DB-Access. The listener thread is blocked while it waits for information from the Telnet session, so it cannot accept the connection from the application used in the second session. If, during the waiting period, an attacker launches a distributed DOS (DDOS) attack in a loop, the connection can be flooded, leading to poor connection performance.
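The listener design described above, modelled as an added Python example on a loopback socket (this is not Dynamic Server code). The two constants reuse the parameter names with constructed values, and closing a connection that arrives over the cap is an assumption of the sketch, not documented server behaviour.

```python
import socket
import threading

LISTEN_TIMEOUT = 0.5             # constructed: seconds an incomplete connection may wait
MAX_INCOMPLETE_CONNECTIONS = 4   # constructed: connections authenticating at one time

def authenticate(conn, slots, log):
    """Authentication thread: wait at most LISTEN_TIMEOUT for first bytes."""
    try:
        conn.settimeout(LISTEN_TIMEOUT)
        if conn.recv(64):
            log.append("authenticated")
            conn.sendall(b"OK")
    except socket.timeout:
        log.append("timed out")      # silent client: drop it, free the slot
    finally:
        conn.close()
        slots.release()

def listen(server, log, stop):
    """Main listener: only accepts and hands off; it never reads client data."""
    slots = threading.BoundedSemaphore(MAX_INCOMPLETE_CONNECTIONS)
    server.settimeout(0.1)
    while not stop.is_set():
        try:
            conn, _ = server.accept()
        except socket.timeout:
            continue
        if slots.acquire(blocking=False):
            threading.Thread(target=authenticate, args=(conn, slots, log)).start()
        else:
            conn.close()             # assumption: over the cap, close at once

def demo():
    server = socket.create_server(("127.0.0.1", 0))   # loopback, free port
    addr = server.getsockname()
    log, stop = [], threading.Event()
    listener = threading.Thread(target=listen, args=(server, log, stop))
    listener.start()
    idle = socket.create_connection(addr, timeout=5)    # connects, sends nothing
    client = socket.create_connection(addr, timeout=5)  # second session
    client.sendall(b"connect")
    reply = client.recv(2)           # answered while idle is still pending
    idle_dropped = idle.recv(1) == b""   # returns once the server times it out
    stop.set()
    listener.join()
    for s in (idle, client, server):
        s.close()
    return reply, idle_dropped, log
```

Calling `demo()` shows the second session being answered while the silent connection is still pending, and the silent connection being closed once the timeout expires.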