From owner-freebsd-security Thu Sep 9 6:58:24 1999 Delivered-To: freebsd-security@freebsd.org Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.76.24]) by hub.freebsd.org (Postfix) with ESMTP id 366DB14D85; Thu, 9 Sep 1999 06:58:13 -0700 (PDT) (envelope-from avalon@cheops.anu.edu.au) Received: (from avalon@localhost) by cheops.anu.edu.au (8.9.1/8.9.1) id XAA05823; Thu, 9 Sep 1999 23:56:58 +1000 (EST) From: Darren Reed Message-Id: <199909091356.XAA05823@cheops.anu.edu.au> Subject: Re: mbuf shortage situations To: kpielorz@tdx.co.uk (Karl Pielorz) Date: Thu, 9 Sep 1999 23:56:57 +1000 (EST) Cc: avalon@coombs.anu.edu.au, stas@sonet.crimea.ua, freebsd-hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG In-Reply-To: <37D7B90D.B252B4E6@tdx.co.uk> from "Karl Pielorz" at Sep 9, 99 02:41:33 pm X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In some mail from Karl Pielorz, sie said: > > Darren Reed wrote: > > > > It is evil connection. Good applications do read data from their sockets, > > > and evil ones do not. And ever if it is good, but silly or busy > > > application, good clients do not send so much data that application > > > can not process it. Am I wrong, there are any examples? > > > > So what if someone manages to crash a program due to a DOS attack ? > > An easy one that comes to mind is syslogd. It's often stuck in disk-wait > > and can easily be targetted with a large number of packets. > > Isn't syslog UDP? - i.e. no ACK? - you could argue (to a point) that this > might even be by design? :) (with regard to if syslog is in diskwait, and over > burdened with traffic, data gets dropped). This, could be construed as a DoS > (in fact it probably is)... sorry, syslogd doesn't suffer from the same problems that klogd on lamix does (i.e its all datagrams). my mistake. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message