From owner-freebsd-security  Sun Dec 20 12:07:02 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA15062
          for freebsd-security-outgoing; Sun, 20 Dec 1998 12:07:02 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA15047
          for <security@FreeBSD.ORG>; Sun, 20 Dec 1998 12:07:00 -0800 (PST)
          (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.1/8.9.1) id MAA33947;
	Sun, 20 Dec 1998 12:05:42 -0800 (PST)
	(envelope-from dillon)
Date: Sun, 20 Dec 1998 12:05:42 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <199812202005.MAA33947@apollo.backplane.com>
To: Michael Richards <026809r@acadiau.ca>
Cc: "Joseph T. Lee" <nugundam@la.best.com>, security@FreeBSD.ORG
Subject: Re: nmap crashes inetd/portmap on 2.2.6
References:  <Pine.GSO.4.05.9812201413310.22893-100000@dragon>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:> If I strobe my FreeBSD 3.0-current system, it gets to the point where
:> it looks like a DoS attack:
:
:> Dec 20 06:51:43 greenwood3 /kernel: icmp-response bandwidth limit
:585/100 pps
:Neato. How does one enable this ping limitation?
:
:> Dec 20 06:51:45 greenwood3 identd[32584]: getbuf: bad address (000186c0
:not in f0100000-0xFFC00000) - ofile
:> Dec 20 06:51:45 greenwood3 identd[32584]: k_getuid retries: 1
:> Dec 20 06:51:47 greenwood3 syslogd: /dev/console: Too many open files in
:system: Too many open files in system
:> Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files
:in system
:> Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files
:in system
:> Dec 20 06:51:47 greenwood3 /kernel: file: table is full
:Here is what I have noticed. If you are running tcpwrappers or something
:that will try to ident every connection, it starts up enough ident
:processes that bad things like this start happening. At one point, my PC's
:load average was up to 45 because of someone portscanning me. I looked,
:and for some reason, there were about 100 ident processes running. Then I
:started getting errors like those above. At the time, it was a 3.0-BETA
:system.
:
:-Michael

    I've added a section on DOS attacks to my security(1) man page
    (/usr/src/share/man/man1/security.1 in the CVS tree)

					    -Matt

    Matthew Dillon  Engineering, HiWay Technologies, Inc. & BEST Internet 
                    Communications & God knows what else.
    <dillon@backplane.com> (Please include original email in any response)    

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message