From owner-freebsd-stable Thu Jun 24 17: 9:43 1999 Delivered-To: freebsd-stable@freebsd.org Received: from leap.innerx.net (leap.innerx.net [38.179.176.25]) by hub.freebsd.org (Postfix) with ESMTP id 5B0CE150EE for ; Thu, 24 Jun 1999 17:09:41 -0700 (PDT) (envelope-from chris@holly.dyndns.org) Received: from holly.dyndns.org (ip28.houston3.tx.pub-ip.psi.net [38.12.169.28]) by leap.innerx.net (Postfix) with ESMTP id 3FB52371BF; Thu, 24 Jun 1999 20:09:17 -0400 (EDT) Received: (from chris@localhost) by holly.dyndns.org (8.9.3/8.9.3) id TAA43471; Thu, 24 Jun 1999 19:09:10 -0500 (CDT) (envelope-from chris) Date: Thu, 24 Jun 1999 19:09:10 -0500 From: Chris Costello To: # rm -rf /* Cc: Seth , stable@FreeBSD.ORG Subject: Re: DoS?? Message-ID: <19990624190910.C42754@holly.dyndns.org> Reply-To: chris@calldei.com References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii User-Agent: Mutt/0.96.3i In-Reply-To: ; from # rm -rf /* on Thu, Jun 24, 1999 at 12:47:27PM -0600 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, Jun 24, 1999, # rm -rf /* wrote: > All I can really say is that in the netstat -a.. it was like a syn flood > except all the connections were established on the ssh port.. we have > figured out that it just overloads the cpu, bringing the load averages to > over 500 until it ends.. since ssh has to generate a key, etc.. it takes > very little to get the load like that.. This is already known. Thousands or tens of thousands of ssh processes are opened up, seriously overloading the CPU. It should be deemed classic, and I think there's a way to limit the maximum amount of connections on that port in inetd.conf. -- Chris Costello Justify my text? I'm sorry but it has no excuse. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message