LISTEN_TIMEOUT and MAX_INCOMPLETE_CONNECTIONS configuration parameters
You can use the LISTEN_TIMEOUT and MAX_INCOMPLETE_CONNECTIONS configuration parameters to reduce the risk of a hostile denial-of-service (DoS) flood attack.
- LISTEN_TIMEOUT. Sets the incomplete connection timeout period. The default incomplete connection timeout period is 60 seconds.
- MAX_INCOMPLETE_CONNECTIONS. Restricts the number of incomplete requests for connections. The default maximum number of incomplete connections is 1024.
If you do not set the LISTEN_TIMEOUT and MAX_INCOMPLETE_CONNECTIONS configuration parameters and a flood attack occurs, the Listener VP might become insecure and might not be able to listen to a valid request in a timely manner.
%d incomplete connection at this time.
System is under attack through invalid clients
on the listener port.
Depending on how many threads the machine can support, you can set MAX_INCOMPLETE_CONNECTIONS to a higher value, and depending on the network traffic, you can set LISTEN_TIMEOUT to a lower value, to reduce the chance that an attack reaches the maximum limit.
You can use the onmode -wm or onmode -wf commands to change the values of these configuration parameters while the server is online. For more information, see the Informix® Administrator's Reference.
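One way to monitor for the message shown above, as an added example that is not part of the original documentation: the script reads the two parameters from onconfig text (falling back to the defaults stated on this page) and extracts each flood message and its incomplete-connection count from the online message log. The HH:MM:SS entry prefix, the function names and the sample input are assumptions made for this example.

```python
import re

# Defaults stated on this page.
DEFAULTS = {"LISTEN_TIMEOUT": 60, "MAX_INCOMPLETE_CONNECTIONS": 1024}

# Message text as shown on this page; %d becomes the incomplete-connection
# count. Joining words with \s+ tolerates the message wrapping across lines.
_WORDS = ("incomplete connection at this time. System is under attack "
          "through invalid clients on the listener port.").split()
FLOOD_RE = re.compile(r"(\d+)\s+" + r"\s+".join(map(re.escape, _WORDS)))

# Assumption: a log entry begins with an HH:MM:SS timestamp.
STAMP_RE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s", re.M)

def effective_limits(onconfig_text):
    """Read both parameters from onconfig text ("NAME value", # comments)."""
    limits = dict(DEFAULTS)
    for line in onconfig_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in limits and fields[1].isdigit():
            limits[fields[0]] = int(fields[1])
    return limits

def find_flood_events(log_text):
    """Return (timestamp or None, incomplete_count) per flood message."""
    events = []
    for m in FLOOD_RE.finditer(log_text):
        # Most recent entry timestamp at or before this message.
        stamps = STAMP_RE.findall(log_text, 0, m.start())
        events.append((stamps[-1] if stamps else None, int(m.group(1))))
    return events

# Constructed sample input (values and the first log entry are made up).
SAMPLE_ONCONFIG = "LISTEN_TIMEOUT 20   # seconds\nMAX_INCOMPLETE_CONNECTIONS 2048\n"
SAMPLE_LOG = """\
14:02:05  (unrelated log entry)
14:02:11  2048 incomplete connection at this time.
System is under attack through invalid clients
on the listener port.
14:03:40  2048 incomplete connection at this time. System is under attack through invalid clients on the listener port.
"""

if __name__ == "__main__":
    print("configured:", effective_limits(SAMPLE_ONCONFIG))
    for stamp, count in find_flood_events(SAMPLE_LOG):
        print(f"{stamp}: flood message, {count} incomplete connections")
```

Repeated events in a short window are the signal to review the two parameters as described above.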