To reduce the risk of a hostile, DOS flood attack, you can customize the following configuration parameters:
If you do not set the LISTEN_TIMEOUT and MAX_INCOMPLETE_CONNECTIONS configuration parameters and a flood of unauthorized attacks occurs, the Listener VP might become insecure and it might not be able to listen to a valid request in a timely manner.
If you set the LISTEN_TIMEOUT and MAX_INCOMPLETE_CONNECTIONS configuration parameters and someone tries to break into the system and reaches the maximum limit specified, the following information in the online message log tells you that the system is under attack:
%d incomplete connection at this time. System is under attack through invalid clients on the listener port.
Depending on the machine capability of holding the threads (in number), you can configure MAX_INCOMPLETE_CONNECTIONS to a higher value and depending on the network traffic, you can set LISTEN_TIMEOUT to a lower value to reduce the chance that the attack can reach the maximum limit.
Home | [ Top of Page | Previous Page | Next Page | Contents | Index ]