Set up to secure against a Telnet denial of service attack for HTTP Server

This topic provides information about how to secure your HTTP Server against a Telnet denial of service attack with the IBM^® Web Administration for i5/OS™ interface.

Important: Information for this topic supports the latest PTF levels for HTTP Server for i5/OS . It is recommended that you install the latest PTFs to upgrade to the latest level of the HTTP Server for i5/OS. Some of the topics documented here are not available prior to this update. See http://www.ibm.com/servers/eserver/iseries/software/http/services/service.htm for more information.

A Telnet attack could result in a denial of service to your HTTP Server. The configuration to protect against attacks has default settings, but you may want to change them to suit your individual needs.

Your HTTP Server can detect a denial of service attack by measuring the time-out and frequency, or the number of time-outs of certain clients' requests. If the HTTP Server does not receive a request from the client, then your HTTP Server determines that a Telnet denial of service attack is in progress. This occurs after making the initial client connection to your HTTP Server.

The HTTP Server's default is to perform attack detection and penalization. However, this default may not be right for your environment. If all access to your HTTP Server is through a firewall or proxy server or Internet Service Provider (ISP), then the Telnet denial of service protection is built into each of these entities. You should turn off the Telnet denial of service protection for this HTTP Server instance so that the HTTP Server does not falsely detect a denial of service condition.