Resource Management Options
The xinetd daemon can add a basic level of protection from Denial of Service (DoS) attacks. The following is a list of directives which can aid in limiting the effectiveness of such attacks:
per_source — Defines the maximum number of instances for a service per source IP address. It accepts only integers as an argument and can be used in both xinetd.conf and in the service-specific configuration files in the
cps — Defines the maximum number of connections per second. This directive takes two integer arguments separated by white space. The first argument is the maximum number of connections allowed to the service per second. The second argument is the number of seconds that xinetd must wait before re-enabling the service. It accepts only integers as arguments and can be used in either the xinetd.conf file or the service-specific configuration files in the
max_load — Defines the CPU usage or load average threshold for a service. It accepts a floating point number argument. The load average is a rough measure of how many processes are active at a given time. See the procinfo commands for more information about load average.
There are more resource management options available for xinetd. Refer to the xinetd.conf man page for more information.
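The following added example (not part of the original documentation) audits xinetd configuration text for the three directives above, reporting each service where one is missing or where its argument breaks the rules this section states. The names parse_blocks and audit are hypothetical; the code assumes braces sit on their own lines and that a service inherits values from a defaults block.

```python
import re

RULES = {  # argument rules as the section states them
    "per_source": lambda a: len(a) == 1 and a[0].isdigit(),
    "cps": lambda a: len(a) == 2 and all(x.isdigit() for x in a),
    "max_load": lambda a: len(a) == 1 and bool(re.fullmatch(r"\d+(\.\d+)?", a[0])),
}

def parse_blocks(text):
    """Parse 'defaults' and 'service NAME' blocks into {name: {directive: [args]}}."""
    blocks, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or line == "{":
            continue
        if line == "}":
            current = None
        elif current is None and line.split()[0] in ("defaults", "service"):
            current = blocks.setdefault(line.split()[-1], {})
        elif current is not None and (m := re.match(r"(\w+)\s*[+-]?=\s*(.*)", line)):
            current[m.group(1)] = m.group(2).split()
    return blocks

def audit(text):
    """Return {service: [findings]} for missing or malformed limit directives."""
    blocks = parse_blocks(text)
    defaults = blocks.pop("defaults", {})
    report = {}
    for service, attrs in blocks.items():
        eff = {**defaults, **attrs}  # assumption: services inherit defaults
        report[service] = [
            f"{n}: not set" if n not in eff else f"{n}: invalid {' '.join(eff[n])!r}"
            for n, ok in RULES.items() if n not in eff or not ok(eff[n])]
    return report

# Constructed sample configuration, not taken from a real host.
SAMPLE = """
defaults
{
    max_load = 2.5
}
service telnet
{
    per_source = 10
    cps = 25 30
}
service ftp
{
    cps = 50
}
"""
```

Calling audit(SAMPLE) returns an empty finding list for telnet and two findings for ftp: per_source is not set, and cps has one argument instead of two.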