Date: Mon, 16 Apr 2001 19:39:40 +0200 (CEST)
From: Attila Nagy
To: Poul-Henning Kamp
Subject: Re: cvs commit: src/libexec/ftpd ftpcmd.y ftpd.8
In-Reply-To: <3369.987434963@critter>
Message-ID: <20010416192001.G95619-100000@scribble.fsn.hu>

Hello,

> >> Add the "SITE MD5 filename" facility.

> There are other uses of ftp besides anonymous, but you are right, it
> probably should be allowed in anonymous mode too.

I think this SITE MD5 stuff is very useful for us, who have FTP sites with large files (ISOs). I am very glad to see this functionality, but care must be taken, because it could lead to a DoS.

If a server has an FTP concurrency limit of 750, then when this is full, the machine can serve the requests, because they are simple file transfers and there are too many limiting factors in the IO, which bound the transfers. But when the attacker uses 750 SITE MD5, it will eat both the processor and the IO capacity of the machine.

So it would be nice to limit these concurrent MD5 requests and/or to introduce an MD5 cache (this would be useful for the anonymous FTP server case).

--------------------------------------------------------------------------
Attila Nagy                                   e-mail: Attila.Nagy@fsn.hu
Budapest Polytechnic (BMF.HU)                 @work: +361 210 1415 (194)
H-1084 Budapest, Tavaszmezo u. 15-17.         cell.: +3630 306 6758
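
One way to implement the limit on concurrent MD5 requests suggested in the message above, as an added example that is not part of the original message and not FreeBSD ftpd code. It assumes one forked server process per session; the function names, the slot directory, the limit of 4 and the 450 reply text are all hypothetical.

```c
/* Added example: cap concurrent SITE MD5 jobs across forked server children.
 * md5_slot_acquire/md5_slot_release and the slot file names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <unistd.h>

/* Try to claim one of max_slots lock files under dir (a directory that only
 * the server may write to). Returns an fd that holds the slot, or -1 when
 * every slot is busy, in which case the caller refuses the command instead
 * of hashing. The kernel drops the lock when the holder exits, so a crashed
 * child cannot leak its slot. */
int md5_slot_acquire(const char *dir, int max_slots)
{
    char path[1024];

    for (int i = 0; i < max_slots; i++) {
        snprintf(path, sizeof(path), "%s/md5.slot.%d", dir, i);
        int fd = open(path, O_RDWR | O_CREAT, 0600);
        if (fd < 0)
            continue;            /* unusable slot file: try the next one */
        if (flock(fd, LOCK_EX | LOCK_NB) == 0)
            return fd;           /* slot is ours until released or exit */
        close(fd);               /* lock held by another session */
    }
    return -1;
}

/* Give back a slot obtained from md5_slot_acquire(). */
void md5_slot_release(int fd)
{
    if (fd >= 0) {
        flock(fd, LOCK_UN);
        close(fd);
    }
}

int main(void)
{
    int fd = md5_slot_acquire("/tmp", 4);   /* constructed limit: 4 jobs */
    if (fd < 0) {
        puts("450 Too many MD5 requests in progress, try again later.");
        return EXIT_FAILURE;
    }
    puts("slot acquired; the MD5 computation would run here");
    md5_slot_release(fd);
    return EXIT_SUCCESS;
}
```

With the cap set well below the session limit, a full house of SITE MD5 requests costs at most that many hashing jobs; the rest get an immediate refusal.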