Tech Off Thread

2 posts


Server DOS defence?

  • User profile image

    The server is running 2~5 waiting threads listening for incoming connections. When a waiting thread is in use (someone connects) a new thread is spawned and THAT then in turn becomes a waiting thread.

    The problem I have with this system is that someone could use it to effectively DOS the machine by eating up all the resources by rapidly connecting and disconnecting. Are there any methods or tactics for avoiding a DOS type situation?

    I have considered remote host connection limits and such but if you take into consideration large organisations like Universities that might have a single exit point (IP) and lots of users, you would end up limiting that connection to one or two users.

  • User profile image

    Apologies in advance for the lack of linebreaks - this forum does not handle Safari very well yet. Have you considered using a different server model? I was never keen on the one thread per connection concept. I was thinking about using Async IO with a fixed set size of server threads. The advantage to this is that you can tune your server (if it is limited to one box) to handle a fixed number of connections (x per thread) after which connections either wait in the listen/accept queue or are bounced back as un-connected. Another advantage to this is that the type of DOS you mention above is unlikely, and although the server will not degrade service very gracefully, at least you can get a fairly realistic idea about what level of service each connection can expect. Lastly, you are not creating lots of threads; if someone connects-disconnects-connects it's no big deal (although you could temporarily refuse that IP if they connect more than n times in 30 seconds). Just my £0.02 worth.
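
The model suggested in the reply above (async I/O, a fixed ceiling on open connections, and a temporary refusal for an IP that connects more than n times in 30 seconds), sketched as an added example that is not code from either poster. Python's asyncio, the `ConnectionGate` name, the limits and the echo handler are all assumptions chosen for illustration.

```python
import asyncio
import time
from collections import defaultdict, deque

class ConnectionGate:
    """Global cap on open connections plus a per-IP sliding-window connect limit."""
    def __init__(self, max_open=100, max_per_window=10, window=30.0, clock=time.monotonic):
        self.max_open, self.max_per_window, self.window = max_open, max_per_window, window
        self.clock, self.open = clock, 0
        self.recent = defaultdict(deque)  # ip -> times of admitted connects

    def admit(self, ip):
        now, stamps = self.clock(), self.recent[ip]
        while stamps and now - stamps[0] >= self.window:  # forget old connects
            stamps.popleft()
        if len(stamps) >= self.max_per_window:
            return "rate"  # this IP reconnects too fast: refuse for now
        if self.open >= self.max_open:
            return "full"  # server at its tuned capacity: bounce
        stamps.append(now)
        self.open += 1
        return "ok"

    def release(self):
        self.open -= 1

    def prune(self):  # call from a periodic task so idle IPs do not pile up
        cutoff = self.clock() - self.window
        for ip in [i for i, s in self.recent.items() if not s or s[-1] <= cutoff]:
            del self.recent[ip]

async def handle(reader, writer, gate):
    if gate.admit(writer.get_extra_info("peername")[0]) != "ok":
        writer.close()  # refused before any per-connection work is done
        return
    try:
        while data := await reader.read(4096):  # placeholder echo service
            writer.write(data)
            await writer.drain()
    finally:
        gate.release()
        writer.close()

async def main(gate, host="127.0.0.1", port=8888):
    server = await asyncio.start_server(lambda r, w: handle(r, w, gate), host, port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main(ConnectionGate()))
```

The per-IP check counts new connections per window rather than concurrent users, so a shared exit IP is refused only when its combined connect rate exceeds the limit.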
