From owner-freebsd-current Fri Feb 18 8:29:25 2000
Delivered-To: freebsd-current@freebsd.org
Received: from orthanc.ab.ca (orthanc.ab.ca [207.167.3.130]) by hub.freebsd.org (Postfix) with ESMTP id 4E8BF37B926; Fri, 18 Feb 2000 08:29:19 -0800 (PST) (envelope-from lyndon@orthanc.ab.ca)
Received: from orthanc.ab.ca (localhost [127.0.0.1]) by orthanc.ab.ca (8.10.0.Beta11/8.10.0.Beta6) with ESMTP id e1IGS9P48266; Fri, 18 Feb 2000 09:28:09 -0700 (MST)
Message-Id: <200002181628.e1IGS9P48266@orthanc.ab.ca>
To: Mark Murray
Cc: Peter Wemm, current@FreeBSD.ORG, committers@FreeBSD.ORG
Subject: Re: Crypto progress! (And a Biiiig TODO list)
In-reply-to: Your message of "Fri, 18 Feb 2000 09:43:03 +0200." <200002180743.JAA26529@gratis.grondar.za>
Date: Fri, 18 Feb 2000 09:28:09 -0700
From: Lyndon Nerenberg
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>>>>> "Mark" == Mark Murray writes:

Mark> o A username may only be checked $number times per
Mark>   $timeperiod; after that, _all_ answers are silently
Mark>   converted to "no".

Umm, massive DOS hole.

Mark> o Daemon may only be invoked $number times per $timeperiod;
Mark>   refuses to fork after that.

Another massive DOS hole.

Mark> o Daemon will delay $timeperiod before returning answer.

This is the correct way to deal with (perceived) attacks.

Mark> ... etc. There are possibilities for DoS attacks, but the
Mark> daemon talks only to a Unix Domain Socket, so finding the
Mark> perp is easy.

Not if the daemon has shut itself off due to load (#1 or #2 above) and you aren't currently logged in to the box.

--lyndon
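The three throttling policies argued over above, modelled side by side. This is an added example, not code from the thread or from the FreeBSD daemon Mark Murray describes: a fake clock, an in-memory two-user credential table and the `Checker`/`flood_then_login` names are all constructed here so the simulation runs offline. It shows concretely why Lyndon calls the first two policies DoS holes: under per-username lockout an attacker who floods "alice" with wrong guesses makes alice's own correct password come back "no"; under the global fork limit the attacker's flood makes the daemon refuse an unrelated user outright; under the delay policy the correct answer still comes back, just late.

```python
"""
Toy model of three throttling policies for a password-checking daemon.
Constructed example: a fake clock and an in-memory password table stand
in for the real daemon; nothing here is FreeBSD code.
"""
import hashlib
import hmac
from collections import deque

# Constructed credential table: username -> SHA-256 of the password.
# (A real system uses a slow, salted KDF; plain SHA-256 is only enough
# to make "right" and "wrong" answers distinguishable in the model.)
USERS = {
    name: hashlib.sha256(pw.encode()).hexdigest()
    for name, pw in {"alice": "correct horse", "bob": "battery staple"}.items()
}


def password_ok(user, pw):
    """True only if the user exists and the password matches."""
    stored = USERS.get(user)
    candidate = hashlib.sha256(pw.encode()).hexdigest()
    return stored is not None and hmac.compare_digest(stored, candidate)


class Checker:
    """One daemon instance running a single throttling policy.

    policy is one of:
      "user_lockout" - after `limit` checks of a username per `period`
                       seconds, every answer for that name becomes False
      "fork_limit"   - after `limit` invocations per `period` seconds the
                       daemon refuses to answer anyone (returns None)
      "delay"        - over the limit, the answer is still computed
                       truthfully but returned `delay` seconds later
    """

    def __init__(self, policy, limit=5, period=60.0, delay=2.0):
        self.policy, self.limit, self.period, self.delay = policy, limit, period, delay
        self.now = 0.0                 # fake clock, in seconds
        self.per_user = {}             # user -> deque of attempt timestamps
        self.global_hits = deque()     # timestamps of every invocation

    def _recent(self, dq):
        """Drop timestamps older than `period` and return how many remain."""
        while dq and dq[0] <= self.now - self.period:
            dq.popleft()
        return len(dq)

    def check(self, user, pw):
        """Return (answer, latency_seconds); answer None means 'refused'."""
        if self.policy == "fork_limit":
            if self._recent(self.global_hits) >= self.limit:
                return None, 0.0       # daemon will not fork: nobody gets an answer
            self.global_hits.append(self.now)
            return password_ok(user, pw), 0.0

        attempts = self.per_user.setdefault(user, deque())
        attempts.append(self.now)
        over_limit = self._recent(attempts) > self.limit

        if self.policy == "user_lockout":
            if over_limit:
                return False, 0.0      # silently "no", even for the right password
            return password_ok(user, pw), 0.0

        if self.policy == "delay":
            return password_ok(user, pw), (self.delay if over_limit else 0.0)

        raise ValueError("unknown policy %r" % self.policy)


def flood_then_login(policy, attacker_target, victim, victim_pw, n=50):
    """Attacker sends n wrong guesses for attacker_target, 0.1 s apart;
    then the victim tries once with victim_pw. Returns the victim's result."""
    daemon = Checker(policy)
    for i in range(n):
        daemon.now += 0.1
        daemon.check(attacker_target, "guess%d" % i)
    daemon.now += 0.1
    return daemon.check(victim, victim_pw)


if __name__ == "__main__":
    print("lockout, alice after flood on alice:",
          flood_then_login("user_lockout", "alice", "alice", "correct horse"))
    print("fork limit, bob after flood on alice:",
          flood_then_login("fork_limit", "alice", "bob", "battery staple"))
    print("delay, alice after flood on alice:",
          flood_then_login("delay", "alice", "alice", "correct horse"))
```

The delay policy is the only one where the attacker's cost (wall-clock time per guess) rises while the legitimate user's outcome is unchanged; the other two convert the attacker's traffic directly into denial for someone else, and with the fork limit that someone can be every user on the box.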