The DNS process table attacks are mentioned at:

http://lwn.net/daily/ptable.html

I have been using tcpserver as a replacement for inetd for many months. It is at:

ftp://koobera.math.uic.edu/www/ucspi-tcp.html

and allows limiting the *_number_* of concurrent processes forked out of the inet facilities, as opposed to the *_rate_* of forked processes. Also, optionally, allows logging by port, with access control via a fast database, by IP, and user.

I'm currently using it on httpd, ftp, faxd, smtp, telnet, pop3, and the qmail daemons. Seems viable.

FWIW, FYI ...

        John

--
John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA.
VOX 408.370.2688, FAX 408.379.9602
conoverat_private, http://www2.inow.com/~conover/john.html
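The difference between limiting the number of concurrent processes and limiting the rate of forks, as an added example that is not part of the original message and is not tcpserver or inetd code. It is a constructed model: the 40-per-60-seconds rate limit, the cap of 40, the arrival pattern and the hold time are all assumed values.

```python
import heapq

def peak_processes(arrivals, hold, admit):
    """Replay connection arrival times; return (peak live children, refused)."""
    live = []                      # min-heap of exit times of running children
    peak = refused = 0
    state = {}                     # scratch space owned by the admit policy
    for t in arrivals:
        while live and live[0] <= t:   # reap children that have exited by now
            heapq.heappop(live)
        if admit(t, len(live), state):
            heapq.heappush(live, t + hold)   # child holds a process slot
            peak = max(peak, len(live))
        else:
            refused += 1
    return peak, refused

def rate_limit(max_per_window, window):
    """Rate-style policy: at most max_per_window forks per `window` seconds."""
    def admit(t, running, state):
        slot = t // window
        if state.get("slot") != slot:        # new window, reset the counter
            state["slot"], state["count"] = slot, 0
        if state["count"] >= max_per_window:
            return False
        state["count"] += 1
        return True
    return admit

def concurrency_cap(limit):
    """Number-style policy: at most `limit` children alive at any moment."""
    def admit(t, running, state):
        return running < limit
    return admit

# Constructed input: one connection every 2 s for 10 minutes, each one kept
# open for 600 s. That is 30 forks/minute, below the assumed rate limit.
ARRIVALS = [2 * i for i in range(300)]
HOLD = 600

def compare():
    return {
        "rate": peak_processes(ARRIVALS, HOLD, rate_limit(40, 60)),
        "number": peak_processes(ARRIVALS, HOLD, concurrency_cap(40)),
    }

if __name__ == "__main__":
    for policy, (peak, refused) in compare().items():
        print(f"{policy:6s} peak={peak:3d} refused={refused:3d}")
```

Long-lived connections that arrive below the rate threshold are never refused by the rate policy, so the process count grows with every arrival, while the concurrency cap bounds it regardless of how long each child lives.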
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:37:10 PDT