Date:      Fri, 21 Jan 2000 02:28:10 -0600
From:      "Bob Madden" <bobm@atgsystems.com>
To:        "FreeBSD-Security" <freebsd-security@FreeBSD.ORG>
Subject:   Re: bugtraq posts: stream.c - new FreeBSD exploit?
Message-ID:  <000101bf63e9$76352f30$01000000@madman>


I'm grateful for the efforts put forth in finding a reliable means of
prevention to this attack. I have seen its effects. For the benefit of those
working on the solution, I wanted to share what I see when the attack is in
full swing:

Running FreeBSD 3.4-STABLE
using ipfw
the kernel was compiled with:
    maxusers        390
    options         NMBCLUSTERS=10000
    options         NBUF=8192

Here is the log output:

Jan 19 22:27:05 Irc /kernel: icmp-response bandwidth limit 10342/100 pps
Jan 19 22:27:06 Irc /kernel: icmp-response bandwidth limit 9762/100 pps
Jan 19 22:27:07 Irc /kernel: icmp-response bandwidth limit 10990/100 pps
Jan 19 22:27:08 Irc /kernel: icmp-response bandwidth limit 10053/100 pps
Jan 19 22:27:09 Irc /kernel: icmp-response bandwidth limit 10748/100 pps
Jan 19 22:27:11 Irc /kernel: icmp-response bandwidth limit 11634/100 pps
Jan 19 22:27:12 Irc /kernel: icmp-response bandwidth limit 10811/100 pps
Jan 19 22:27:13 Irc /kernel: icmp-response bandwidth limit 10972/100 pps
Jan 19 22:27:14 Irc /kernel: icmp-response bandwidth limit 10325/100 pps
Jan 19 22:27:15 Irc /kernel: icmp-response bandwidth limit 10538/100 pps
Jan 19 22:27:16 Irc /kernel: icmp-response bandwidth limit 11204/100 pps
Jan 19 22:27:17 Irc /kernel: icmp-response bandwidth limit 10350/100 pps
Jan 19 22:27:17 Irc /kernel: Out of mbuf clusters - adjust NMBCLUSTERS or increase maxusers!

BANG!!! Reboot!

If you need more specifics, you can email me directly.

Bob Madden
>,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,<
--This Message Composed By:      Bob Madden
-- bobm@ATGSYSTEMS.COM    Sys Admin /Network Engineer
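
Added example, not part of the original message: a small Python check that reads kernel log lines like those above, treating N/M in the icmp-response message as attempted responses per second against the configured limit, and reports a sustained burst together with mbuf cluster exhaustion. The thresholds (`ratio`, `max_gap`, `min_events`) and the default year are assumptions chosen for illustration.

```python
import re
from datetime import datetime

RATE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ /kernel: "
                  r"icmp-response bandwidth limit (\d+)/(\d+) pps")
MBUF = re.compile(r"/kernel: Out of mbuf clusters")

def _ts(stamp, year):
    # syslog lines carry no year, so the caller supplies one
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def analyze(lines, year=2000, ratio=10, max_gap=2, min_events=5):
    """Find the longest ICMP rate-limit burst and whether mbufs ran out."""
    events, exhausted = [], False
    for line in lines:
        m = RATE.match(line)
        if m:
            attempted, limit = int(m.group(2)), int(m.group(3))
            if attempted >= ratio * limit:  # far over the limit, not a blip
                events.append((_ts(m.group(1), year), attempted))
        elif MBUF.search(line):
            exhausted = True
    best, run = [], []
    for ev in events:  # events are in log order
        # a gap longer than max_gap seconds ends the current burst
        if run and (ev[0] - run[-1][0]).total_seconds() > max_gap:
            run = []
        run.append(ev)
        if len(run) > len(best):
            best = list(run)
    sustained = len(best) >= min_events
    return {
        "burst_events": len(best),
        "burst_seconds": (best[-1][0] - best[0][0]).total_seconds() if best else 0,
        "peak_pps": max((a for _, a in best), default=0),
        "mbuf_exhausted": exhausted,
        "severity": "critical" if sustained and exhausted
                    else "warning" if sustained else "ok",
    }

# Last lines of the log in the message above (wrapped final line rejoined)
SAMPLE = [
    "Jan 19 22:27:13 Irc /kernel: icmp-response bandwidth limit 10972/100 pps",
    "Jan 19 22:27:14 Irc /kernel: icmp-response bandwidth limit 10325/100 pps",
    "Jan 19 22:27:15 Irc /kernel: icmp-response bandwidth limit 10538/100 pps",
    "Jan 19 22:27:16 Irc /kernel: icmp-response bandwidth limit 11204/100 pps",
    "Jan 19 22:27:17 Irc /kernel: icmp-response bandwidth limit 10350/100 pps",
    "Jan 19 22:27:17 Irc /kernel: Out of mbuf clusters - adjust NMBCLUSTERS or increase maxusers!",
]
```

Calling `analyze(SAMPLE)` on these lines reports a five-event burst and severity `critical`; a warning-level result on its own is the point at which to look at mbuf usage before the pool runs out.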