Denial of service

The directory server protects against the following types of denial of service attacks:

• Clients that send data slowly, send partial data, or send no data
• Clients that do not read data results or who read results slowly
• Clients that do not unbind
• Clients that make requests that produce long-running database requests
• Clients that bind anonymously
• Server loads that prevent the administrator from administering the server

The directory server gives an administrator several methods to prevent denial of service attacks. An administrator always has access to the server through the use of an emergency thread even if the server is busy with long-running operations. In addition, the administrator has control over server access including the ability to disconnect clients with a particular bind DN or IP address and configure the server to not allow anonymous access. Other configuration options can be activated to allow the server to actively prevent denial of service attacks.

For more information, see:

• Manage server connections
• Manage connection properties