I think the RFC that says keepalives must be at least 2 hours isn't very
security conscious.  What I mean is if you take a syn attack, it sets up
connections and then never sends any data, holding the connection in a
half-open state.  I know there's a finite number of connections that a host
can have open at one time, so once that number is reached, no one else can
communicate (I understand that this has been fixed in various ways in
different TCP/IP stacks).

But I'd have to say that one could hold open a bunch of these sessions, I
guess you'd call them open-hung states, and eventually knock off the system
as well.  I don't think a session should stay open for that long, but at the
same time, I wouldn't think it should close after 500 ms of not hearing any
data either. I guess you need a balance, but how much I'd have no idea.
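The balance the two posts are circling (probe often enough that the firewall's state entry is refreshed and a dead peer is noticed, but not so often that idle sockets churn) can be set per socket rather than system-wide. The following is an added example, not code from either poster: it takes the one-hour firewall idle timeout from the thread as a constructed figure, checks a proposed keepalive schedule against it, and applies that schedule to a loopback connection so the values can be read back from the kernel. The option names TCP_KEEPIDLE/TCP_KEEPINTVL/TCP_KEEPCNT are the Linux per-socket knobs (macOS exposes the idle timer as TCP_KEEPALIVE); the Linux defaults of 7200/75/9 are the kernel's documented defaults and correspond to the two-hour figure mentioned above.

```python
import socket

# Constructed figure taken from the thread: the firewall forgets an idle
# TCP flow after one hour.  Not a measured value.
FIREWALL_IDLE_TIMEOUT = 3600  # seconds

# Linux system-wide defaults (net.ipv4.tcp_keepalive_time/intvl/probes).
LINUX_DEFAULT_IDLE, LINUX_DEFAULT_INTERVAL, LINUX_DEFAULT_COUNT = 7200, 75, 9


def keepalive_budget(idle, interval, count, firewall_timeout=FIREWALL_IDLE_TIMEOUT):
    """Return (keeps_state_alive, worst_case_dead_peer_detection_seconds).

    idle     -- seconds of silence before the first probe (TCP_KEEPIDLE)
    interval -- seconds between unanswered probes (TCP_KEEPINTVL)
    count    -- unanswered probes before the socket is declared dead (TCP_KEEPCNT)

    A stateful firewall only refreshes its entry when a packet crosses it, so
    the first probe must leave before firewall_timeout elapses.  If the peer
    is gone, the socket errors out after idle + interval * count seconds.
    """
    keeps_state_alive = idle < firewall_timeout
    detect_seconds = idle + interval * count
    return keeps_state_alive, detect_seconds


def enable_keepalive(sock, idle, interval, count):
    """Turn on keepalive for one connected TCP socket and set its timers.

    Returns the values read back from the kernel so a caller can verify
    the settings took effect rather than trusting the setsockopt calls.
    """
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Linux names the idle timer TCP_KEEPIDLE; macOS names it TCP_KEEPALIVE.
    idle_opt = getattr(socket, "TCP_KEEPIDLE", None) or getattr(socket, "TCP_KEEPALIVE", None)
    if idle_opt is not None:
        sock.setsockopt(socket.IPPROTO_TCP, idle_opt, idle)
    if hasattr(socket, "TCP_KEEPINTVL"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)
    if hasattr(socket, "TCP_KEEPCNT"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, count)

    readback = {"keepalive": bool(sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE))}
    if idle_opt is not None:
        readback["idle"] = sock.getsockopt(socket.IPPROTO_TCP, idle_opt)
    if hasattr(socket, "TCP_KEEPINTVL"):
        readback["interval"] = sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL)
    if hasattr(socket, "TCP_KEEPCNT"):
        readback["count"] = sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT)
    return readback


def loopback_demo(idle=600, interval=60, count=5):
    """Open a real TCP connection over 127.0.0.1 and apply the schedule to it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: kernel picks a free port
    listener.listen(1)
    client = socket.create_connection(listener.getsockname())
    server, _ = listener.accept()
    try:
        return enable_keepalive(client, idle, interval, count)
    finally:
        server.close()
        client.close()
        listener.close()


if __name__ == "__main__":
    for label, sched in (("Linux default", (LINUX_DEFAULT_IDLE, LINUX_DEFAULT_INTERVAL, LINUX_DEFAULT_COUNT)),
                         ("10 min / 60 s x 5", (600, 60, 5))):
        ok, detect = keepalive_budget(*sched)
        print(f"{label}: refreshes firewall state={ok}, dead peer noticed after {detect} s")
    print("read back from kernel:", loopback_demo())
```

With the defaults the first probe goes out at 7200 s, long after the 3600 s firewall entry is gone, which is exactly the half-open situation described in the quoted post; the second schedule keeps the entry fresh and fails a dead connection within 15 minutes. The same three values can also be set host-wide through the sysctl or ndd knobs the linked Solaris page covers, but per-socket settings let only the long-lived connections pay for the extra probes.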
"sam sneed" wrote in message news:[EMAIL PROTECTED]...
> Someone sent me this link which I think was helpful:
> http://www.sean.de/Solaris/soltune.html#common
>
> I will have to do more research.
> The problem I need to solve:
>
> My firewall keeps connections in its state table for 1 hour. So after one
> hour if you did a netstat on each host the connection appears up. But when
> host A sends data to host B, the firewall silently drops the packet. Host A
> will keep resending and its packets will get dropped. Host A times out and
> closes its socket. Host B never receives the FIN and it still shows the
> connection is up according to netstat. This is a pain because I have to
> constantly reestablish connections between host A and B. I'd like to raise
> the timeout on my server to a lower value and maybe bump up the timeout value
> on the firewall to a higher value. I will do my research and post a summary
> since I've similar types of posts in the past without complete explanations
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48986&t=48934
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]