From owner-freebsd-isp Wed Mar 28 18:33:40 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from hex.databits.net (hex.databits.net [207.29.192.16])
    by hub.freebsd.org (Postfix) with SMTP id A0F1C37B722
    for ; Wed, 28 Mar 2001 18:33:35 -0800 (PST)
    (envelope-from petef@hex.databits.net)
Received: (qmail 4950 invoked by uid 1001); 29 Mar 2001 02:33:35 -0000
Date: Wed, 28 Mar 2001 21:33:35 -0500
From: Pete Fritchman
To: Kal Torak
Cc: freebsd-isp@freebsd.org
Subject: Re: DOS Attack? "No memory for tx list, out of mbufs"
Message-ID: <20010328213335.B4751@databits.net>
References: <3AC201D1.5B167E0F@tacni.net> <3AC29DB4.7EBD2143@quake.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3AC29DB4.7EBD2143@quake.com.au>; from kaltorak@quake.com.au on Thu, Mar 29, 2001 at 12:28:04PM +1000
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

That glob attack will only affect the server's CPU usage, it won't take
up mbufs. I'm not so sure this is definitely a DOS attack. Just up your
NMBCLUSTERS option and see how things go.

-pete

++ 29/03/01 12:28 +1000 - Kal Torak:
>Tom ONeil wrote:
>>
>> Greetings All and thanks for the help over the years,
>>
>> Got this in the logs, machine was locked up and had to reboot.
>>
>> Mar 27 23:13:45 pendragon proftpd[58667]: pendragon.tacni.net
>> (XXX.XXX.XXX.XXX[XXX.XXX.XXX.XXX]) - FTP session closed.
>> Mar 28 07:08:05 pendragon /kernel: rl0: no memory for tx list
>> Mar 28 07:08:05 pendragon /kernel: rl0: out of mbufs, tried to copy 86
>> bytes
>
>
>Have you got the latest version of proftpd? There is a DoS attack for
>it atm, in phrasing things like:
>ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
>
>In fact I don't think there is a patch to fix this yet... You should check
>the proftpd site...
>A few things to stop the attack would be to start proftpd with some ulimits
>so it can't take all the system resources, also in your config put something
>like DenyFilter \*.*/
>
>Hope that helps!
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-isp" in the body of the message

-- 
Pete Fritchman
Databits Network Services, Inc.
finger petef@databits.net for PGP key
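
The DenyFilter pattern suggested in the quoted reply, checked against a few FTP commands to show what it blocks and what it lets through. This is an added example, not part of the original thread or of proftpd. The function names and sample commands are constructed, and it assumes the server applies the pattern as an unanchored regex search over each command's argument.

```python
import re

# Pattern quoted in the message: DenyFilter \*.*/
# Assumption: applied as an unanchored search over the command argument
# (POSIX ERE on the server; this pattern means the same thing in `re`).
DENY_FILTER = re.compile(r"\*.*/")


def split_command(line):
    """Split a raw FTP control-channel line into (VERB, argument)."""
    verb, _, arg = line.rstrip("\r\n").partition(" ")
    return verb.upper(), arg


def is_denied(line):
    """True if the argument has a '*' followed anywhere later by a '/'."""
    _, arg = split_command(line)
    return DENY_FILTER.search(arg) is not None


def audit(lines):
    """Map each command to its verdict so over- and under-blocking shows up."""
    return {line: is_denied(line) for line in lines}


# Constructed sample commands (not taken from any real session).
SAMPLES = [
    "NLST */../*/../*",         # same shape as the pattern quoted in the thread
    "LIST *.txt",               # wildcard with no slash after it
    "LIST pub/*",               # slash only before the wildcard
    "NLST pub*/README",         # ordinary request, but '*' precedes '/'
    "RETR pub/FreeBSD/README",  # no wildcard at all
]

if __name__ == "__main__":
    for line, denied in audit(SAMPLES).items():
        print(f"{'DENY ' if denied else 'allow'}  {line}")
```

The filter rejects the nested pattern from the thread, but it also rejects ordinary requests such as `pub*/README`, so it trades some legitimate wildcard use for the protection.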