>________________________________________ >From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] on behalf of Daniel Maher [dma+389users@xxxxxxxxx] >Sent: 19 October 2010 11:16 >To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx >Subject: Re: [389-users] Safeguarding against to many established connections > >On 10/19/2010 12:11 PM, Gerrard Geldenhuis wrote: >> Hi >> We have recently seen an issue were a single client opened up more than 800 established connections to our directory server. The client did have the proper settings configured and should have closed >connections but it did'nt. Is there a way to limit the amount of connections per client or close connections from the server side after a certain period? Without just making the amount of connections ridicuosly >high on the directory server how can you safeguard against rogue clients. >> >> Our client setting is as follows: >> idle_timelimit 5 >> timelimit 10 >> bind_timelimit 5 >> >> We were unable to log into client and it had file system issues so we could not do any further analyses there. >> >> I suspect that solutions to this problem probably falls outside of what can be configured in 389? > >While it's not a 389-specific suggestion, iptables could easily solve >this problem for you across the board. :) > I would be keen on such a solution but from a company point of view it is "non-standard" so I would need to do a bit of convincing and/arm twisting. Regards ________________________________________________________________________ In order to protect our email recipients, Betfair Group use SkyScan from MessageLabs to scan all Incoming and Outgoing mail for viruses. ________________________________________________________________________ -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
