From owner-freebsd-security  Sun Dec 20 10:13:51 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA04504
          for freebsd-security-outgoing; Sun, 20 Dec 1998 10:13:51 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from dragon.acadiau.ca (dragon.acadiau.ca [131.162.1.79])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA04499
          for <security@FreeBSD.ORG>; Sun, 20 Dec 1998 10:13:49 -0800 (PST)
          (envelope-from 026809r@dragon.acadiau.ca)
Received: from dragon (dragon [131.162.1.79])
	by dragon.acadiau.ca (8.8.5/8.8.5) with ESMTP id OAA23068;
	Sun, 20 Dec 1998 14:13:45 -0400 (AST)
Date: Sun, 20 Dec 1998 14:13:45 -0400 (AST)
From: Michael Richards <026809r@acadiau.ca>
X-Sender: 026809r@dragon
To: "Joseph T. Lee" <nugundam@la.best.com>
cc: security@FreeBSD.ORG
Subject: Re: nmap crashes inetd/portmap on 2.2.6
In-Reply-To: <19981220065801.A16429@la.best.com>
Message-ID: <Pine.GSO.4.05.9812201413310.22893-100000@dragon>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> If I strobe my FreeBSD 3.0-current system, it gets to the point where
> it looks like a DoS attack:

> Dec 20 06:51:43 greenwood3 /kernel: icmp-response bandwidth limit
585/100 pps
Neato. How does one enable this ping limitation?

> Dec 20 06:51:45 greenwood3 identd[32584]: getbuf: bad address (000186c0
not in f0100000-0xFFC00000) - ofile
> Dec 20 06:51:45 greenwood3 identd[32584]: k_getuid retries: 1
> Dec 20 06:51:47 greenwood3 syslogd: /dev/console: Too many open files in
system: Too many open files in system
> Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files
in system
> Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files
in system
> Dec 20 06:51:47 greenwood3 /kernel: file: table is full
Here is what I have noticed. If you are running tcpwrappers or something
that will try to ident every connection, it starts up enough ident
processes that bad things like this start happening. At one point, my PC's
load average was up to 45 because of someone portscanning me. I looked,
and for some reason, there were about 100 ident processes running. Then I
started getting errors like those above. At the time, it was a 3.0-BETA
system.

-Michael



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message