Date: Fri, 23 Jul 1999 14:29:19 +0200 From: Sheldon Hearn <sheldonh@uunet.co.za> To: Andre Albsmeier <andre.albsmeier@mchp.siemens.de> Cc: Brian Feldman <green@FreeBSD.org>, hackers@freebsd.org Subject: Re: cvs commit: src/usr.sbin/inetd builtins.c inetd.h Message-ID: <41604.932732959@axl.noc.iafrica.com> In-Reply-To: Your message of "Fri, 23 Jul 1999 11:28:12 %2B0200." <19990723112812.A3847@internal>
next in thread | previous in thread | raw e-mail | index | archive | help
[Hijacked from cvs-committers and cvs-all] On Fri, 23 Jul 1999 11:28:12 +0200, Andre Albsmeier wrote: > I observed some kind of denial of service on -STABLE: I was > playing with the new nmap and did a 'nmap -sU printfix'. > inetd was running as "inetd -l" and started sucking all the > CPU time even the nmap had been terminated long ago. What does "sucking all the CPU time" mean? Does it mean that other programs were suffering, or does it mean that it was the only significant user of CPU and so showed up at close to 100% CPU usage? I suspect that the latter is true. > /var/log/messages file showed zillions of the following lines > being added continously: Well, you did ask for them (inetd -l). :-) > Jul 23 11:21:28 <daemon.info> printfix inetd[1743]: time from [...] > Jul 23 11:21:28 <daemon.info> printfix inetd[1743]: daytime from [...] Usually syslog will give you "last message repeated X times". Unfortunately, the alternation of the messages makes this impossible. David Malone had a few ideas on "clever" handling of UDP. While what he suggests might help reduce the number of messages you receive under legitimate use, it won't help against DoS, since the sender of packets can simply randomize the origin addresses. > Maybe you got an idea... I know exactly why you see what you see when you do what you do. All I can say is "don't do that", because I can't think of a why to cater for what you're doing in a sensible fashion. Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41604.932732959>