Date: Thu, 16 Aug 2001 21:54:33 +0400 (MSD) From: marck@rinet.ru To: FreeBSD-gnats-submit@freebsd.org Subject: ports/29778: patch for ports/net/arpwatch Message-ID: <200108161754.f7GHsXp67632@woozle.rinet.ru>
next in thread | raw e-mail | index | archive | help
>Number: 29778
>Category: ports
>Synopsis: patch for ports/net/arpwatch
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Aug 16 11:00:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Dmitry Morozovsky
>Release: FreeBSD 4.3-STABLE i386
>Organization:
Cronyx Plus LLC
>Environment:
System: FreeBSD woozle.rinet.ru 4.3-STABLE
>Description:
Here is small patch for arpwatch eliminating spiralling down
problem when arp-change DoS attack is performed.
Solution is simple: limit queue of arpwatch reports
outstanding for outmailing, and only write them to syslog.
>How-To-Repeat:
Make arpchange DoS (f.e, 20/30 arp changes per sec for several
minutes). Invoking sendmail even with queued delivery doesn't
help much in this situation.
>Fix:
Maybe max depth should be made configurable via command-line option...
--- report.c.orig Mon Jan 18 04:46:42 1999
+++ report.c Fri Oct 6 19:59:23 2000
@@ -275,6 +275,12 @@
/* Update child depth */
++cdepth;
+ /* DM: try to stop spiralling down */
+ if (cdepth >= 10) { /* syslog this only */
+ syslog(LOG_WARNING,
+ "too many requests (%d), stop forking and sending mail", cdepth);
+ return;
+ }
/* Fork off child to send mail */
pid = fork();
if (pid) {
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200108161754.f7GHsXp67632>