Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 20 Apr 2013 14:17:09 -0300
From:      Marcelo Gondim <gondim@bsdinfo.com.br>
To:        Adrian Chadd <adrian@freebsd.org>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: Possible DoS in mpd 5.6 pppoe server
Message-ID:  <5172CD95.2080904@bsdinfo.com.br>
In-Reply-To: <CAJ-Vmomvy77_zvbTDfdz=d1KZ8y_M=K8wXJtmf=2kYAX8MExKA@mail.gmail.com>
References:  <5172965A.9080600@bsdinfo.com.br> <CAJ-Vmomvy77_zvbTDfdz=d1KZ8y_M=K8wXJtmf=2kYAX8MExKA@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi Adrian,

Thanks for your help.  :)

My mpd.conf:
============
startup:
         # configure mpd users
         #set user foo bar admin
         set user suporte papatango
         set user admin tutumineiro admin
         # configure the console
         set console self 192.168.8.34 5005
         set console open
         # configure the web server
         set web self 0.0.0.0 5006
         set web open


default:
         load pppoe_server

pppoe_server:
         create bundle template B
         set iface disable proxy-arp
         set iface enable tcpmssfix
         set ipcp dns 8.8.8.8 8.8.4.4
         #set ipcp enable vjcomp
         set iface up-script /usr/local/etc/mpd5/addclient.sh
         set iface down-script /usr/local/etc/mpd5/removeclient.sh
         set ippool add pool1 10.10.0.1 10.10.255.254
         set ipcp ranges 10.51.0.1/32 ippool pool1
         create link template common pppoe
         #set link enable multilink
         set link action bundle B
         set link disable chap pap eap
         set link mtu 1492
         set link mru 1492
         set link enable pap
         load radius

         create link template igb1 common
         set pppoe iface igb1
         set pppoe acname "IntBSD1"
         set pppoe service "*"
         set link enable incoming
         set auth max-logins 1
         set link max-children 5000

         create link template igb2 common
         set pppoe iface igb2
         set pppoe acname "IntBSD2"
         set pppoe service "*"
         set link enable incoming
         set auth max-logins 1
         set link max-children 5000

         create link template igb3 common
         set pppoe iface igb3
         set pppoe acname "IntBSD3"
         set pppoe service "*"
         set link enable incoming
         set auth max-logins 1
         set link max-children 5000

radius:
     set radius server localhost xuxupedra 1812 1813
     set radius retries 3
     set radius timeout 3
     # send the given IP in the RAD_NAS_IP_ADDRESS attribute to the server.
     set radius me 127.0.0.1
     # send accounting updates every 5 minutes
     set auth acct-update 300
     # enable RADIUS, and fallback to mpd.secret, if RADIUS auth failed
     set auth enable radius-auth
     # enable RADIUS accounting
     set auth enable radius-acct
     # protect our requests with the message-authenticator
     set radius enable message-authentic


My ppp.conf:

intnet:
   set device PPPoE:re0
   set mru 1492
   set mtu 1492
   set authname hercilia201254
   set authkey 12345
   set login
   set dial
   enable dns
   add default HISADDR
   set timeout 0
   open

The test server is off now, but I'll get ipfw and dummynet settings in 
the Companyand post it here.


Em 20/04/13 11:48, Adrian Chadd escreveu:
> Can you provide more information about the configuration of mpd and ppp?
>
> the panic is in the dummynet code; can you provide information about
> your ipfw/dummynet setup?
>
> Thanks,
>
>
>
> adrian
>
>
> On 20 April 2013 06:21, Marcelo Gondim <gondim@bsdinfo.com.br> wrote:
>> Hi all,
>>
>> I'm doing tests with mpdas pppoeserver. Tried to simulate an attack of 1000
>> connections using an incorrect login and after a certain time can cause a
>> kernel panic in the system. Below the panicgenerated:
>>
>> http://pastebin.com/nUXGVR3y
>>
>> Other equipment I do:
>>
>> # for (( i=0; i < 1000; i++ )); do ppp -ddial intnet ; done
>>
>> My System:
>>
>> Intel Motherboard Server S5500BC with Dual Processor Xeon(R) CPU E5606  @
>> 2.13GHz
>> 8Gb ram
>>
>> I do not understand programming in Cor Assembly. But could someone tell me
>> if what happened was a system problem or hardware?
>>
>> Best regards,
>>
>> Gondim
>>
>> _______________________________________________
>> freebsd-stable@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"


-- 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5172CD95.2080904>