Date: Mon, 16 Apr 2001 19:39:40 +0200 (CEST) From: Attila Nagy <bra@fsn.hu> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: <cvs-committers@FreeBSD.org>, <cvs-all@FreeBSD.org> Subject: Re: cvs commit: src/libexec/ftpd ftpcmd.y ftpd.8 Message-ID: <20010416192001.G95619-100000@scribble.fsn.hu> In-Reply-To: <3369.987434963@critter>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, > >> Add the "SITE MD5 filename" facility. > There are other uses of ftp besides anonymous, but you are right, it > probably should be allowed in anonymous mode too. I think this SITE MD5 stuff is very useful for us, who have FTP sites with large files (ISOs). I am very glad to see this functionality, but care must be taken, because it could be lead to a DoS. If a server has an FTP concurrency limit of 750. When this is full, the machine can serve the requests, because they are simple file transfers and there are too many limiting factor in the IO, which bounds the transfers. But when the attacker uses 750 SITE MD5 it will eat both the processor and the IO capacity of the machine. So it would be nice to limit these concurrent MD5 requests and/or to introduce an MD5 cache (this would be useful for the anonymous FTP server case). -------------------------------------------------------------------------- Attila Nagy e-mail: Attila.Nagy@fsn.hu Budapest Polytechnic (BMF.HU) @work: +361 210 1415 (194) H-1084 Budapest, Tavaszmezo u. 15-17. cell.: +3630 306 6758 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010416192001.G95619-100000>