From owner-freebsd-security  Sat Apr  8 15:41:45 1995
Return-Path: security-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id PAA28284
          for security-outgoing; Sat, 8 Apr 1995 15:41:45 -0700
Received: from irbs.com ([199.182.75.129])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id PAA28278
          for <freebsd-security@freebsd.org>; Sat, 8 Apr 1995 15:41:42 -0700
Received: (from jc@localhost) by irbs.com (8.6.11/8.6.6) id SAA00738 for freebsd-security@freebsd.org; Sat, 8 Apr 1995 18:41:39 -0400
From: John Capo <jc@irbs.com>
Message-Id: <199504082241.SAA00738@irbs.com>
Subject: Re: satan "heavy" mode attacks
To: freebsd-security@FreeBSD.org
Date: Sat, 8 Apr 1995 18:41:39 -0400 (EDT)
In-Reply-To: <199504081658.MAA29650@ns1.win.net> from "Mark Hittinger" at Apr 8, 95 12:58:56 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 561       
Sender: security-owner@FreeBSD.org
Precedence: bulk

Mark Hittinger writes:
> 
> 
> I've just read that some sites are reporting that using satan in its "heavy"
> mode will overload an inetd and make it toss its cookies.
> 
> There are reports that the activity also causes some firewall products to
> consume available memory and discontinue logging some things.
> 
> We probably need to double check our inetd and make sure it can deal with
> the resource overload issue.
> 

I have run the "heavy" Satan against four -current systems and
three 1.1.5.1 systems and they survived just fine.  YMMV :-)

John Capo