Tags: sockets, tcp, tcpclient, tcplistener, denial-of-service

TCP Server is overwhelmed by clients that only "connect" without sending any data


I have created a TCP server using .NET TcpListener.

I have some concerns on how it could be abused by spamming a lot of bogus connections similar to a DoS-like kind of attack.

I created a small console app to repeatedly initiate a connection to the server (only "connect" without transmitting any other kind of data). The "max allowable concurrent connections limit", which is a setting in the server to prevent it from being overwhelmed, was met in an instant. This rendered my server pretty much useless since it could not accept new connections unless the other fake connections disconnected. This proves that my concern is not unfounded.

Is there anything we can do at the application level to prevent this? I was thinking of requiring clients to send a kind of token when connecting, and the server would refuse connections that don't, but I don't think TCP works that way.

Is relying on external solutions the only way? E.g. VPN, firewall, NAT etc.?


Solution

  • Set a read timeout on every accepted socket, and close it if it triggers.
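An added example (not code from the question or the answer above) of that approach on a .NET TcpListener: every accepted socket must deliver its first bytes within a deadline or it is closed, so a client that only connects cannot hold a connection slot for long. It assumes .NET 6 or later (where NetworkStream.ReadAsync honours the cancellation token), port 9000, a 5 second deadline and a 1000-connection cap; none of those values come from the page.

```csharp
using System;
using System.Net;
using System.Net.Sockets;
using System.Threading;
using System.Threading.Tasks;

class IdleGuardServer
{
    // Assumed values, not from the original post.
    static readonly TimeSpan FirstByteTimeout = TimeSpan.FromSeconds(5);
    static readonly SemaphoreSlim Slots = new SemaphoreSlim(1000); // max concurrent sessions

    static async Task Main()
    {
        var listener = new TcpListener(IPAddress.Any, 9000);
        listener.Start();
        while (true)
        {
            TcpClient client = await listener.AcceptTcpClientAsync();
            await Slots.WaitAsync();   // only blocks accept when every slot is in use
            _ = HandleAsync(client);   // session runs independently; slot freed in finally
        }
    }

    static async Task HandleAsync(TcpClient client)
    {
        try
        {
            NetworkStream stream = client.GetStream();
            var buf = new byte[1024];
            using var cts = new CancellationTokenSource(FirstByteTimeout);
            int n;
            try
            {
                // Wait for the client's first bytes. A connection that sends nothing
                // is cancelled when the deadline fires and its slot is released below.
                n = await stream.ReadAsync(buf, 0, buf.Length, cts.Token);
            }
            catch (OperationCanceledException)
            {
                Console.WriteLine($"idle connection from {client.Client.RemoteEndPoint} closed");
                return;
            }
            if (n == 0) return;        // peer closed cleanly before sending anything
            // Normal protocol handling starts here; later reads can reuse the same pattern.
        }
        finally
        {
            client.Dispose();          // closes the socket
            Slots.Release();           // hand the slot back for the next client
        }
    }
}
```

The same deadline should be applied to every subsequent read as well, otherwise a client that sends one byte and then goes silent can still occupy a slot.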