Date: Sun, 20 Dec 1998 14:13:45 -0400 (AST)
From: Michael Richards <026809r@acadiau.ca>
To: "Joseph T. Lee" <nugundam@la.best.com>
Cc: security@FreeBSD.ORG
Subject: Re: nmap crashes inetd/portmap on 2.2.6
Message-ID: <Pine.GSO.4.05.9812201413310.22893-100000@dragon>
In-Reply-To: <19981220065801.A16429@la.best.com>

> If I strobe my FreeBSD 3.0-current system, it gets to the point where
> it looks like a DoS attack:
> Dec 20 06:51:43 greenwood3 /kernel: icmp-response bandwidth limit 585/100 pps

Neato. How does one enable this ping limitation?

> Dec 20 06:51:45 greenwood3 identd[32584]: getbuf: bad address (000186c0 not in f0100000-0xFFC00000) - ofile
> Dec 20 06:51:45 greenwood3 identd[32584]: k_getuid retries: 1
> Dec 20 06:51:47 greenwood3 syslogd: /dev/console: Too many open files in system: Too many open files in system
> Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files in system
> Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files in system
> Dec 20 06:51:47 greenwood3 /kernel: file: table is full

Here is what I have noticed. If you are running tcpwrappers or something
that will try to ident every connection, it starts up enough ident
processes that bad things like this start happening. At one point, my PC's
load average was up to 45 because of someone portscanning me. I looked, and
for some reason, there were about 100 ident processes running. Then I
started getting errors like those above. At the time, it was a 3.0-BETA
system.

-Michael

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message