Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 20 Dec 1998 12:05:42 -0800 (PST)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        Michael Richards <026809r@acadiau.ca>
Cc:        "Joseph T. Lee" <nugundam@la.best.com>, security@FreeBSD.ORG
Subject:   Re: nmap crashes inetd/portmap on 2.2.6
Message-ID:  <199812202005.MAA33947@apollo.backplane.com>
References:   <Pine.GSO.4.05.9812201413310.22893-100000@dragon>
next in thread | previous in thread | raw e-mail | index | archive | help 
:> If I strobe my FreeBSD 3.0-current system, it gets to the point where
:> it looks like a DoS attack:
:
:> Dec 20 06:51:43 greenwood3 /kernel: icmp-response bandwidth limit
:585/100 pps
:Neato. How does one enable this ping limitation?
:
:> Dec 20 06:51:45 greenwood3 identd[32584]: getbuf: bad address (000186c0
:not in f0100000-0xFFC00000) - ofile
:> Dec 20 06:51:45 greenwood3 identd[32584]: k_getuid retries: 1
:> Dec 20 06:51:47 greenwood3 syslogd: /dev/console: Too many open files in
:system: Too many open files in system
:> Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files
:in system
:> Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files
:in system
:> Dec 20 06:51:47 greenwood3 /kernel: file: table is full
:Here is what I have noticed. If you are running tcpwrappers or something
:that will try to ident every connection, it starts up enough ident
:processes that bad things like this start happening. At one point, my PC's
:load average was up to 45 because of someone portscanning me. I looked,
:and for some reason, there were about 100 ident processes running. Then I
:started getting errors like those above. At the time, it was a 3.0-BETA
:system.
:
:-Michael

    I've added a section on DOS attacks to my security(1) man page
    (/usr/src/share/man/man1/security.1 in the CVS tree)

					    -Matt

    Matthew Dillon  Engineering, HiWay Technologies, Inc. & BEST Internet 
                    Communications & God knows what else.
    <dillon@backplane.com> (Please include original email in any response)    

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812202005.MAA33947>