From owner-freebsd-current@FreeBSD.ORG  Thu Nov 27 19:39:35 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id EAD0516A4CE
	for <freebsd-current@freebsd.org>;
	Thu, 27 Nov 2003 19:39:35 -0800 (PST)
Received: from siralan.org (12-223-227-231.client.insightbb.com
	[12.223.227.231])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EAE6643FAF
	for <freebsd-current@freebsd.org>;
	Thu, 27 Nov 2003 19:39:34 -0800 (PST)
	(envelope-from mikes@siralan.org)
Received: from siralan.org (localhost [127.0.0.1])
	by siralan.org (8.12.10/8.12.10) with ESMTP id hAS3dYss001849;
	Thu, 27 Nov 2003 22:39:34 -0500 (EST)
	(envelope-from mikes@siralan.org)
Received: (from mikes@localhost)
	by siralan.org (8.12.10/8.12.10/Submit) id hAS3dXV3001848;
	Thu, 27 Nov 2003 22:39:33 -0500 (EST)
	(envelope-from mikes)
From: "Michael L. Squires" <mikes@siralan.org>
Message-Id: <200311280339.hAS3dXV3001848@siralan.org>
To: n.b@myrealbox.com (Guy Van Sanden)
Date: Thu, 27 Nov 2003 22:39:33 -0500 (EST)
In-Reply-To: <1069948043.2861.28.camel@cronos.home.vsb> from "Guy Van Sanden"
	at Nov 27, 2003 04:47:23 PM
X-Mailer: ELM [version 2.5 PL6]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
cc: FreeBSD current mailing list <freebsd-current@freebsd.org>
Subject: Re: 5.x DOS against NFS server
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Nov 2003 03:39:36 -0000

Guy Van Sanden
> 
> I just ran nmap <host>...
> Nessus has the same effect.

When running "nmap <host> (nmap 2.53 on a 4.9-STABLE box)) against a 5.2-BETA 
host on the host I see

Nove 27 13:06:24 mikes sm-mta[483]: NOQUEUE: SYSERR(root): getrequests: accept: Software caused connection abort
Nove 27 13:06:24 mikes nfsd[392]: accept failed: Software caused connection abort

between messages about response rate limits to nmap queries.

On the client running 5.1-CURRENT with "bonnie" using a 100MB file
on a volume NFS mounted from the 5.2-BETA server there are no log
messages and no obvious error messages; "bonnie" finishes normally.

Mike Squires