Defending Against DoS Attacks on Linux by Category
From:    Author: Stand originally
Because denial-of-service attack tools are rampant, and because the flaws in the protocol layer they target cannot be changed in the short term, denial of service has become an extremely widespread kind of attack that is difficult to guard against. So far no method can stop this kind of attack absolutely, but for the different attack techniques there are still some solutions. Using Redhat Linux 9.0 as the example, this article introduces how to guard against DoS by category.

Two kinds of Linux server daemon

1. Stand-alone mode
Stand-alone mode is the access model of the traditional Unix C/S (client/server) pattern. The server listens on a specific port and waits for clients to connect. When a client issues a connection request, the daemon forks a child server to answer that connection, while the main server continues to listen and maintains a pool of child servers to await the next client request. The working principle of stand-alone mode is shown in Figure 1.
Network services that work in stand-alone mode include Route and Gated. More familiar to everybody are the Web server Apache and the mail server Sendmail. On servers with a very heavy load, such as Apache, creating child servers in advance can raise the rate at which clients are served.
In a Linux system, services that work in stand-alone mode are started by the symbolic links in the corresponding runlevel under /etc/rc.d/.
2. xinetd mode
From the concept of a daemon it can be seen that every service the system provides must run its own daemon to listen for connections on a certain port, which normally means wasted resources. To solve this problem, Linux introduced the concept of the "network daemon service program".
The network daemon that Redhat Linux 9.0 uses is xinetd (eXtended InterNET Daemon). In contrast to stand-alone mode, xinetd mode is also called the Internet Super-Server. xinetd can listen on many designated ports at the same time and, when it accepts a user request, can start a different network service process to handle it according to the port the user requested. We can regard xinetd as a management server for starting services: it decides which program handles a client request and then starts the corresponding daemon. The working principle of xinetd mode is shown in Figure 2.
Compared with stand-alone mode, the system does not need each network service process to listen on its own service port; a single running xinetd can listen on all service ports at the same time, which reduces system overhead and conserves system resources. But when the number of accesses is large and concurrent accesses occur often, xinetd has to start the corresponding network service processes frequently, which can instead cause system performance to drop.
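Because xinetd starts a service process for each request, a defender will want to know which enabled services have no explicit cap on how many processes can be started. The following is an added example, not code from the original article: it parses xinetd.conf-style blocks and reports enabled services whose effective `instances` or `per_source` value (both are xinetd.conf attributes) is unset or UNLIMITED after the `defaults` block is applied. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample in xinetd.conf syntax (not taken from the article).
SAMPLE = """\
defaults
{
    instances = 60
}
service telnet
{
    socket_type = stream
}
service ftp
{
    instances  = UNLIMITED   # overrides the default cap
    per_source = 5
}
service finger
{
    disable = yes
}
"""
LIMITS = ("instances", "per_source")  # xinetd attributes that cap started servers

def parse(text):
    """Return (defaults, {service: attrs}) from xinetd-style blocks."""
    defaults, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line == "defaults":
            current = defaults
        elif line.startswith("service "):
            current = services.setdefault(line.split()[1], {})
        elif line == "}":
            current = None
        elif current is not None and (m := re.match(r"(\w+)\s*[+-]?=\s*(.*)", line)):
            current[m.group(1)] = m.group(2).strip()
    return defaults, services

def audit(text):
    """Map each enabled service to the limits it lacks after applying defaults."""
    defaults, services = parse(text)
    findings = {}
    for name, attrs in services.items():
        eff = {**defaults, **attrs}              # service values override defaults
        unset = [k for k in LIMITS if eff.get(k, "UNLIMITED").upper() == "UNLIMITED"]
        if unset and eff.get("disable", "no").lower() != "yes":
            findings[name] = unset
    return findings
```

On the constructed sample, `audit(SAMPLE)` reports `telnet` as lacking `per_source` and `ftp` as lacking `instances`, and skips the disabled `finger` service.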