Date: Thu, 24 Jun 1999 19:09:10 -0500 From: Chris Costello <chris@calldei.com> To: # rm -rf /* <geniusj@shell.phrozen.org> Cc: Seth <seth@freebie.dp.ny.frb.org>, stable@FreeBSD.ORG Subject: Re: DoS?? Message-ID: <19990624190910.C42754@holly.dyndns.org> In-Reply-To: <Pine.LNX.4.10.9906241246440.2344-100000@shell.phrozen.org>; from # rm -rf /* on Thu, Jun 24, 1999 at 12:47:27PM -0600 References: <Pine.BSF.4.10.9906241443500.45969-100000@freebie.dp.ny.frb.org> <Pine.LNX.4.10.9906241246440.2344-100000@shell.phrozen.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jun 24, 1999, # rm -rf /* wrote: > All I can really say is that in the netstat -a.. it was like a syn flood > except all the connections were established on the ssh port.. we have > figured out that it just overloads the cpu, bringing the load averages to > over 500 until it ends.. since ssh has to generate a key, etc.. it takes > very little to get the load like that.. This is already known. Thousands or tens of thousands of ssh processes are opened up, seriously overloading the CPU. It should be deemed classic, and I think there's a way to limit the maximum amount of connections on that port in inetd.conf. -- Chris Costello <chris@calldei.com> Justify my text? I'm sorry but it has no excuse. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990624190910.C42754>