Date:      Thu, 11 Jun 1998 15:01:22 -0500 (CDT)
From:      Jim Bryant <jbryant@unix.tfs.net>
To:        njs3@doc.ic.ac.uk (Niall Smart)
Cc:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: [Fwd: Secure Ping 1.0]
Message-ID:  <199806112001.PAA22953@unix.tfs.net>
In-Reply-To: <E0ykD1f-0004QK-00@oak71.doc.ic.ac.uk> from Niall Smart at "Jun 11, 98 08:28:43 pm"

In reply:
> On Jun 11,  2:10pm, Robert Watson wrote:
> } Subject: Re: [Fwd: Secure Ping 1.0]
> > On Thu, 11 Jun 1998, IBS / Andre Oppermann wrote:
> > 
> > > This looks promising ;-)
> > 
> > Personally, I was under-impressed.  This doesn't stop anyone from writing
> > a tiny program that sends 64k UDP packets to deny service.
> 
> Yeah.  Pointless or what?  What you really need is resource limits for
> sockets.  Some Japanese folks worked on this a while ago, but I've lost
> the URL.  It looked good but I'm not sure if it's still being maintained.
> Resource limits for sockets would be neato, I'm sure the virtual hosting
> people would go crazy for it.  I'd guess that you could shim it in pretty
> easily at the top of the sockets interface without too much trouble.
> Linux can do something like this using some special device file but I
> don't think it's enforceable on a user by user basis.

mebbe limiting icmp, but can global socket limits create an unusable
situation.  heck such limits could be imposed that would prevent
people from doing legitimate tasks.

whatever happened to bandwidth limiting?  an intelligent bandwidth
limiting algorithm could detect an icmp flood and filter its bandwidth
down to a trickle..  other protocols could be done the same way.

the original "secure-ping" idea presented is useful for preventing
abuse by the casual unix user.  anyhow, what kind of idiot keeps a
compiler user-accessible in an untrusted environment?!

mebbe a rtprio-type function that would operate on valid streams that
have been bandwidth limited.

jim
-- 
All opinions expressed are mine, if you    |  "I will not be pushed, stamped,
think otherwise, then go jump into turbid  |  briefed, debriefed, indexed, or
radioactive waters and yell WAHOO !!!      |  numbered!" - #1, "The Prisoner"
------------------------------------------------------------------------------
Inet: jbryant@tfs.net    AX.25: kc5vdj@wv0t.#neks.ks.usa.noam     grid: EM28pw
voice: KC5VDJ - 6 & 2 Meters AM/FM/SSB, 70cm FM.   http://www.tfs.net/~jbryant
------------------------------------------------------------------------------
HF/6M/2M: IC-706-MkII, 2M: HTX-212, 2M: HTX-202, 70cm: HTX-404, Packet: KPC-3+
