From: Bill Fumerola
To: Sebastiaan van Erk
Cc: freebsd-security@freebsd.org
Subject: Re: rx list
Date: Wed, 6 Dec 2000 10:18:55 -0600
Message-ID: <20001206101855.L86825@elvis.mu.org>
References: <20001206081549.A49341@sebster.com>

On Wed, Dec 06, 2000 at 08:15:49AM +0100, Sebastiaan van Erk wrote:

> Dec 6 00:09:43 hobbes /kernel: Out of mbuf clusters - adjust NMBCLUSTERS or increase maxusers!
> Dec 6 00:09:43 hobbes /kernel: xl2: no memory for rx list -- packet dropped!
> Dec 6 00:09:43 hobbes /kernel: xl1: no memory for rx list -- packet dropped!
>
> I checked on the net, but it seems to suggest that systems after 3.2 and 4.0
> should be safe. Also I don't see any patches.
>
> How likely is it that this is a DoS attack (note that we also get the message
> on the internal interface!)? And how do I go about fixing it? (I can increase
> maxusers and NMBCLUSTERS, but then how do I know it's not going to happen
> again?).

Uhm. How are you going to know you're not getting DoSed again? You don't.

Increase NMBCLUSTERS, rate limit the bad mojo further upstream, use icmplim,
use tcpdump.

In other words, be a sysadmin.

-- 
Bill Fumerola - security yahoo / Yahoo! inc.
              - fumerola@yahoo-inc.com / billf@FreeBSD.org
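
Added example, not part of the original message or of FreeBSD: a small log check that flags bursts of the kernel messages quoted in this thread, so a recurrence is noticed and can be followed up with tcpdump. The sample lines after the first three, the 60-second window, the threshold of 3, and the function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: the first three lines follow the messages quoted above,
# the remaining lines are made up for the demonstration.
SAMPLE_LOG = """\
Dec 6 00:09:43 hobbes /kernel: Out of mbuf clusters - adjust NMBCLUSTERS or increase maxusers!
Dec 6 00:09:43 hobbes /kernel: xl2: no memory for rx list -- packet dropped!
Dec 6 00:09:43 hobbes /kernel: xl1: no memory for rx list -- packet dropped!
Dec 6 00:09:51 hobbes /kernel: xl2: no memory for rx list -- packet dropped!
Dec 6 00:10:02 hobbes /kernel: xl2: no memory for rx list -- packet dropped!
Dec 6 03:40:10 hobbes /kernel: xl1: no memory for rx list -- packet dropped!
Dec 6 03:41:00 hobbes sshd[411]: Accepted password for seb from 10.0.0.5
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ /kernel: (.*)$")
RX_DROP = re.compile(r"^(\w+): no memory for rx list -- packet dropped!$")

def parse(log, year=2000):
    """Yield (timestamp, source); source is an interface name or 'mbuf'.
    syslog timestamps carry no year, so `year` is supplied by the caller."""
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a kernel message
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        drop = RX_DROP.match(m.group(2))
        if drop:
            yield ts, drop.group(1)
        elif m.group(2).startswith("Out of mbuf clusters"):
            yield ts, "mbuf"

def bursts(log, window=timedelta(seconds=60), threshold=3):
    """Return {source: (start, count)} for the first burst per source: at least
    `threshold` events inside `window`. Both defaults are assumed values."""
    by_source = defaultdict(list)
    for ts, src in parse(log):
        by_source[src].append(ts)
    found = {}
    for src, times in by_source.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                count = sum(1 for t in times[i:] if t - times[i] <= window)
                found[src] = (times[i], count)
                break
    return found

if __name__ == "__main__":
    for src, (start, count) in bursts(SAMPLE_LOG).items():
        print(f"{src}: {count} events within 60s starting {start}")
```

The mbuf cluster pool is shared by every interface on the host, so drops logged on several NICs in the same second indicate the pool ran out, not that each link was hit separately.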