From owner-cvs-etc Mon Oct 27 11:21:32 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id LAA16810 for cvs-etc-outgoing; Mon, 27 Oct 1997 11:21:32 -0800 (PST) (envelope-from owner-cvs-etc) Received: from gvr.gvr.org (root@gvr.gvr.org [194.151.74.97]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id LAA16730; Mon, 27 Oct 1997 11:21:02 -0800 (PST) (envelope-from guido@gvr.org) Received: (from guido@localhost) by gvr.gvr.org (8.8.6/8.8.5) id TAA02054; Mon, 27 Oct 1997 19:30:47 +0100 (MET) From: Guido van Rooij Message-Id: <199710271830.TAA02054@gvr.gvr.org> Subject: Re: cvs commit: src/etc master.passwd In-Reply-To: from Tom at "Oct 27, 97 09:39:16 am" To: tom@uniserve.com (Tom) Date: Mon, 27 Oct 1997 19:30:47 +0100 (MET) Cc: nate@mt.sri.com, ache@FreeBSD.ORG, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-etc@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL32 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-cvs-etc@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > > A problem with fingerd is that is does fuzzy lookups by default. If > /etc/master.passwd is large, it will use a significant amount of CPU. > Starting up 30-40 fingerds makes an easy and effective DoS attack. I had > this happen to me. I now use xinetd to limit the number of simultaneous > fingerd's, but an effective login class would be good too. You don;t need xinetd to do that; our inetd has the same possibilities. -Guido