Date: Mon, 27 Oct 1997 19:39:50 +0100 (MET) From: Guido van Rooij <guido@gvr.org> To: nate@mt.sri.com (Nate Williams) Cc: tom@uniserve.com, nate@mt.sri.com, ache@FreeBSD.ORG, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-etc@FreeBSD.ORG Subject: Re: Fingerd problems (was Re: cvs commit: src/etc master.passwd) Message-ID: <199710271839.TAA02224@gvr.gvr.org> In-Reply-To: <199710271743.KAA00685@rocky.mt.sri.com> from Nate Williams at "Oct 27, 97 10:43:05 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Nate Williams wrote: > > A problem with fingerd is that is does fuzzy lookups by default. If > > /etc/master.passwd is large, it will use a significant amount of CPU. > > Starting up 30-40 fingerds makes an easy and effective DoS attack. > > If this is a problem, disable fingerd. If that's not feasible, then I > think your other solution is really the only other solution (limiting > the # of fingerd's that should run.) Perhaps implement a switch to fingerd disallowing the fuzzy lookups. Now that I think of it: It should be part of the -s flag as it gives an easy way of guessing usernames. (consider taht a *lot* of ppl in the netherlands have either 'van' or 'de' as a separate word in their family name). -Guido
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710271839.TAA02224>