Date:      Fri, 18 Feb 2000 22:30:51 +0200
From:      Mark Murray <mark@grondar.za>
To:        Lyndon Nerenberg <lyndon@orthanc.ab.ca>
Cc:        Peter Wemm <peter@netplex.com.au>, current@FreeBSD.ORG, committers@FreeBSD.ORG
Subject:   Re: Crypto progress! (And a Biiiig TODO list) 
Message-ID:  <200002182030.WAA28751@gratis.grondar.za>
In-Reply-To: <200002181628.e1IGS9P48266@orthanc.ab.ca> ; from Lyndon Nerenberg <lyndon@orthanc.ab.ca>  "Fri, 18 Feb 2000 09:28:09 MST."
References:  <200002181628.e1IGS9P48266@orthanc.ab.ca> 

All of the below are representative examples of the latitude that
a sysadmin may be granted when setting up her system. There is a DoS
of each of them. Pick your own policy.

M

> >>>>> "Mark" == Mark Murray <mark@grondar.za> writes:
> 
>     Mark> o A username may only be checked $number times per
>     Mark> $timeperiod; after that, _all_ answers are silently
>     Mark> converted to "no".
> 
> Umm, massive DOS hole.
> 
>     Mark> o Daemon may only be invoked $number times per $timeperiod;
>     Mark> refuses to fork after that.
> 
> Another massive DOS hole.
> 
>     Mark> o Daemon will delay $timeperiod before returning answer.
> 
> This is the correct way to deal with (perceived) attacks.
> 
>     Mark> ... etc. There are possibilities for DoS attacks, but the
>     Mark> daemon talks only to a Unix Domain Socket, so finding the
>     Mark> perp is easy.
> 
> Not if the daemon has shut itself off due to load (#1 or #2 above) and you
> aren't currently logged in to the box. 
> 
> --lyndon
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
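The three throttling policies argued over above (silently answer "no" after $number checks per $timeperiod, refuse to serve after $number invocations, or delay every answer) have different failure modes under a flood of bad requests. The following is an added example, not code from the thread or from FreeBSD: it models each policy with a sliding-window counter and replays the scenario Lyndon describes, an attacker burning the budget for a username before the real user tries to log in. The credential store, limits and timing values are constructed for the demonstration.

```python
"""Compare the DoS behaviour of three rate-limit policies for a
password-checking daemon (added example; names and values are assumed)."""
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Constructed credential store for the demo: username -> password.
USERS = {"alice": "correct-horse"}


@dataclass
class Policy:
    limit: int            # $number of checks allowed per window
    period: float         # $timeperiod, in seconds
    mode: str             # "silent_no" | "refuse" | "delay"
    scope: str = "user"   # "user": count per username; "global": count per daemon
    delay: float = 1.0    # seconds added to every answer in "delay" mode
    _hits: dict = field(default_factory=lambda: defaultdict(deque))

    def _count(self, key, now):
        """Record a hit for `key` at time `now` and return the number of hits
        still inside the sliding window [now - period, now]."""
        q = self._hits[key]
        while q and q[0] <= now - self.period:
            q.popleft()
        q.append(now)
        return len(q)


def check(policy, now, username, password):
    """Return (answer, wait_seconds).

    answer is True/False for a real verdict, or None when the daemon refuses
    to serve at all (the "won't fork" policy)."""
    key = username if policy.scope == "user" else "daemon"
    hits = policy._count(key, now)
    truth = USERS.get(username) == password
    if hits > policy.limit:
        if policy.mode == "silent_no":
            return False, 0.0          # indistinguishable from a wrong password
        if policy.mode == "refuse":
            return None, 0.0           # no answer at all; nobody can log in
    if policy.mode == "delay":
        return truth, policy.delay     # correct verdict, just slower
    return truth, 0.0


def attacker_then_victim(policy, attempts=20):
    """Attacker fires `attempts` bad passwords for alice within one window,
    then alice logs in with her real password one second later."""
    for i in range(attempts):
        check(policy, now=i * 0.01, username="alice", password="guess%d" % i)
    return check(policy, now=1.0, username="alice", password="correct-horse")


if __name__ == "__main__":
    for p in (Policy(limit=5, period=60, mode="silent_no"),
              Policy(limit=5, period=60, mode="refuse", scope="global"),
              Policy(limit=5, period=60, mode="delay")):
        print(p.mode, attacker_then_victim(p))
```

Only the delay policy still gives the legitimate user a correct verdict after the flood; the other two convert an attacker's cheap bad requests into a denial of service against everyone sharing the counter, and the lockout persists until the window has drained.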


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200002182030.WAA28751>