You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by stork <te...@gmail.com> on 2007/10/27 17:09:00 UTC
Stopping connections from being opened?
I'm having a lot of problems with my MINA-based server being subjected to
DDoS attacks.
Notably running out of file descriptors ! I have implemented a
ConnectionThrottleFilter which closes sessions that are identified as
illegal, which is working well, but doesn't solve the file descriptor issue.
Is it possible to prevent a socket from even being opened with MINA, instead
of just applying filters to already open sessions ?
Thanks for the help.
--
View this message in context: http://www.nabble.com/Stopping-connections-from-being-opened--tf4703398s16868.html#a13444051
Sent from the Apache MINA Support Forum mailing list archive at Nabble.com.
Re: Stopping connections from being opened?
Posted by Mark <el...@gmail.com>.
This sounds like an issue that is best handled by a firewall. It is
tough for MINA to determine the remote host without a socket/open
session.
On 10/27/07, stork <te...@gmail.com> wrote:
>
> I'm having a lot of problems with my MINA-based server being subjected to
> DDoS attacks.
> Notably running out of file descriptors ! I have implemented a
> ConnectionThrottleFilter which closes sessions that are identified as
> illegal, which is working well, but doesn't solve the file descriptor issue.
>
> Is it possible to prevent a socket from even being opened with MINA, instead
> of just applying filters to already open sessions ?
>
> Thanks for the help.
> --
> View this message in context: http://www.nabble.com/Stopping-connections-from-being-opened--tf4703398s16868.html#a13444051
> Sent from the Apache MINA Support Forum mailing list archive at Nabble.com.
>
>
--
--------------------------------
The adjuration to be "normal" seems shockingly repellent to me; I see
neither hope nor comfort in sinking to that low level. I think it is
ignorance that makes people think of abnormality only with horror and
allows them to remain undismayed at the proximity of "normal" to
average and mediocre. For surely anyone who achieves anything is,
essentially, abnormal.
Dr. Karl Menninger
Re: Stopping connections from being opened?
Posted by Trustin Lee <tr...@gmail.com>.
On 10/28/07, Bogdan Ciprian Pistol <bo...@gmail.com> wrote:
> > Notably running out of file descriptors ! I have implemented a
> > ConnectionThrottleFilter which closes sessions that are identified as
> > illegal, which is working well, but doesn't solve the file descriptor issue.
>
> If you use linux this can be fixed as root with the 'ulimit' command.
This is not an advertisement, but please try the following article. :D
http://blog.gleamynode.net/2006/11/linux-default-ulimit.html
Trustin
--
what we call human nature is actually human habit
--
http://gleamynode.net/
--
PGP Key ID: 0x0255ECA6
Re: Stopping connections from being opened?
Posted by Bogdan Ciprian Pistol <bo...@gmail.com>.
> Notably running out of file descriptors ! I have implemented a
> ConnectionThrottleFilter which closes sessions that are identified as
> illegal, which is working well, but doesn't solve the file descriptor issue.
If you use linux this can be fixed as root with the 'ulimit' command.
Bogdan