Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 28 Mar 2001 21:33:35 -0500
From:      Pete Fritchman <petef@databits.net>
To:        Kal Torak <kaltorak@quake.com.au>
Cc:        freebsd-isp@freebsd.org
Subject:   Re:  DOS Attack? "No memory for tx list, out of mbufs"
Message-ID:  <20010328213335.B4751@databits.net>
In-Reply-To: <3AC29DB4.7EBD2143@quake.com.au>; from kaltorak@quake.com.au on Thu, Mar 29, 2001 at 12:28:04PM %2B1000
References:  <3AC201D1.5B167E0F@tacni.net> <3AC29DB4.7EBD2143@quake.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help 
That glob attack will only affect the server's CPU usage, it won't take
up mbufs.  I'm not so sure this is definately a DOS attack.  Just up your
NMBCLUSTERS option and see how things go.

-pete

++ 29/03/01 12:28 +1000 - Kal Torak:
>Tom ONeil wrote:
>> 
>>  Greetings All and thanks for the help over the years,
>> 
>>  Got this in the logs, machine was locked up and had to reboot.
>> 
>> Mar 27 23:13:45 pendragon proftpd[58667]: pendragon.tacni.net
>> (XXX.XXX.XXX.XXX[XXX.XXX.XXX.XXX]) - FTP session closed.
>> Mar 28 07:08:05 pendragon /kernel: rl0: no memory for tx list
>> Mar 28 07:08:05 pendragon /kernel: rl0: out of mbufs, tried to copy 86
>> bytes
>
>
>Have you got the latest version of proftpd? There is a DoS attack for
>it atm, in phrasing things like:
>ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
>
>Infact I dont think there is a patch to fix this yet... You should check
>the proftpd site...
>A few things to stop the attack would be to start proftpd with some ulimits
>so it cant take all the system resources, also in your config put something
>like DenyFilter \*.*/
>
>Hope that helps!
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-isp" in the body of the message
--
Pete Fritchman <petef@databits.net>
Databits Network Services, Inc. <http://databits.net>;
finger petef@databits.net for PGP key


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010328213335.B4751>