Date: Thu, 16 Aug 2001 21:54:33 +0400 (MSD) From: marck@rinet.ru To: FreeBSD-gnats-submit@freebsd.org Subject: ports/29778: patch for ports/net/arpwatch Message-ID: <200108161754.f7GHsXp67632@woozle.rinet.ru>
next in thread | raw e-mail | index | archive | help
>Number: 29778 >Category: ports >Synopsis: patch for ports/net/arpwatch >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Aug 16 11:00:01 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Dmitry Morozovsky >Release: FreeBSD 4.3-STABLE i386 >Organization: Cronyx Plus LLC >Environment: System: FreeBSD woozle.rinet.ru 4.3-STABLE >Description: Here is small patch for arpwatch eliminating spiralling down problem when arp-change DoS attack is performed. Solution is simple: limit queue of arpwatch reports outstanding for outmailing, and only write them to syslog. >How-To-Repeat: Make arpchange DoS (f.e, 20/30 arp changes per sec for several minutes). Invoking sendmail even with queued delivery doesn't help much in this situation. >Fix: Maybe max depth should be made configurable via command-line option... --- report.c.orig Mon Jan 18 04:46:42 1999 +++ report.c Fri Oct 6 19:59:23 2000 @@ -275,6 +275,12 @@ /* Update child depth */ ++cdepth; + /* DM: try to stop spiralling down */ + if (cdepth >= 10) { /* syslog this only */ + syslog(LOG_WARNING, + "too many requests (%d), stop forking and sending mail", cdepth); + return; + } /* Fork off child to send mail */ pid = fork(); if (pid) { >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108161754.f7GHsXp67632>