Date: Wed, 6 Dec 2000 10:18:55 -0600 From: Bill Fumerola <billf@mu.org> To: Sebastiaan van Erk <sebster@sebster.com> Cc: freebsd-security@freebsd.org Subject: Re: rx list Message-ID: <20001206101855.L86825@elvis.mu.org> In-Reply-To: <20001206081549.A49341@sebster.com>; from sebster@sebster.com on Wed, Dec 06, 2000 at 08:15:49AM %2B0100 References: <20001206081549.A49341@sebster.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 06, 2000 at 08:15:49AM +0100, Sebastiaan van Erk wrote:
> Dec 6 00:09:43 hobbes /kernel: Out of mbuf clusters - adjust NMBCLUSTERS or inc
> rease maxusers!
> Dec 6 00:09:43 hobbes /kernel: xl2: no memory for rx list -- packet dropped!
> Dec 6 00:09:43 hobbes /kernel: xl1: no memory for rx list -- packet dropped!
>
> I checked on the net, but it seems to suggest that systems after 3.2 and 4.0
> should be safe. Also I don't see any patches.
>
> How likely is it that this is a DoS attack (note that we also get the message
> on the internal interface!)? And how do I go about fixing it? (I can increase
> maxusers and NMBCLUSTERS, but then how do I know it's not going to happen
> again?).
Uhm. How are you going to know you're not getting DoSed again? You don't.
Increase NMBCLUSTERS, rate limit the bad mojo further upstream, use icmplim,
use tcpdump. In other words, be a sysadmin.
--
Bill Fumerola - security yahoo / Yahoo! inc.
- fumerola@yahoo-inc.com / billf@FreeBSD.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001206101855.L86825>