From owner-freebsd-security Thu Mar 15 22:37:42 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id A202237B718 for ; Thu, 15 Mar 2001 22:37:40 -0800 (PST) (envelope-from cjc@rfx-216-196-73-168.users.reflexcom.com)
Received: from rfx-216-196-73-168.users.reflexcom.com ([216.196.73.168]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Thu, 15 Mar 2001 22:35:38 -0800
Received: (from cjc@localhost) by rfx-216-196-73-168.users.reflexcom.com (8.11.1/8.11.1) id f2G6bbD09511; Thu, 15 Mar 2001 22:37:37 -0800 (PST) (envelope-from cjc)
Date: Thu, 15 Mar 2001 22:37:36 -0800
From: "Crist J. Clark"
To: Kris Kennaway
Cc: "Michael A. Dickerson", freebsd-security@FreeBSD.ORG
Subject: Re: Multiple vendors FTP denial of service (fwd)
Message-ID: <20010315223736.C28471@rfx-216-196-73-168.users.reflex>
Reply-To: cjclark@alum.mit.edu
References: <98righ$100l$1@FreeBSD.csie.NCTU.edu.tw> <004b01c0ada9$99f7b540$db9497cf@singingtree.com> <20010315215913.A70990@mollari.cthul.hu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010315215913.A70990@mollari.cthul.hu>; from kris@obsecurity.org on Thu, Mar 15, 2001 at 09:59:13PM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Mar 15, 2001 at 09:59:13PM -0800, Kris Kennaway wrote:
> On Thu, Mar 15, 2001 at 03:42:29PM -0800, Michael A. Dickerson wrote:
> > > 4.1 from Aug 10th is hurt by it.
> > >
> > > ---Mike
> >
> > So is 4.3-beta (otherwise known as 4-stable) from March 8. ftpd uses 100%
> > cpu and memory use grows until the kernel runs out of swap space and starts
> > killing processes. This was an ftp connection with a regular username and
> > password, in an average home directory.
>
> I'm pretty sure (but haven't tested) that resource limits will prevent
> this problem. Your ftpd shouldn't be using a large amount of memory
> under normal operating procedures, so you can set those to reasonable
> values and not suffer any ill effects.

And this really does not have a lot directly to do with ftpd. Try

  $ ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/

at a command line and watch what the shell does. It's a general
globbing issue.

Anyway, as for ftpd, all a user can do is kill the ftpd process they are
using provided, as Kris points out, resource limits are set
appropriately. The user can do pretty much the same thing by logging
out.
-- 
Crist J. Clark                                cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
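The globbing blow-up Crist demonstrates with ls, and the bounded-resource mitigation Kris suggests, as an added example that is not part of the thread and not code from FreeBSD's ftpd or glob(3): a small Python glob expander that counts every candidate path it examines and aborts once a caller-supplied budget is exceeded, so the cost of a hostile pattern is capped by the budget rather than by the size of the directory tree. All names in it (`expand_glob`, `build_sample_tree`, `thread_pattern`, the constructed `d0..dN` directories) are made up for the demonstration.

```python
"""Bounded glob expansion.

The pattern from the thread ('*/../*/../*/...') makes the number of
candidate paths grow as (subdirs) ** (wildcard segments), because every
'..' throws away the descent and the next '*' re-lists the same directory.
A glob routine that simply runs to completion is therefore an easy CPU and
memory sink; this one stops at a work budget.  Added example, not FreeBSD code."""
import fnmatch
import os
import tempfile


class GlobBudgetExceeded(Exception):
    """Raised when a pattern would expand past the configured work budget."""


def _segment_matches(directory, segment):
    """Names in `directory` matching one pattern segment.

    '..' is passed through unchanged; hidden entries are skipped, as ls and
    glob(3) do by default.  Only fnmatch-style wildcards are supported."""
    if segment == "..":
        return [".."]
    if not any(ch in segment for ch in "*?["):
        return [segment] if os.path.lexists(os.path.join(directory, segment)) else []
    names = sorted(n for n in os.listdir(directory) if not n.startswith("."))
    return [n for n in names if fnmatch.fnmatch(n, segment)]


def expand_glob(root, pattern, budget):
    """Expand `pattern` relative to `root`.

    Returns (matches, examined): the matching relative paths and how many
    candidate paths were examined to find them.  Raises GlobBudgetExceeded
    as soon as `examined` would pass `budget`."""
    dirs_only = pattern.endswith("/")
    segments = [s for s in pattern.split("/") if s]
    examined = 0
    matches = []

    def walk(rel, idx):
        nonlocal examined
        here = os.path.join(root, rel) if rel else root
        if idx == len(segments):
            if not dirs_only or os.path.isdir(here):
                matches.append(rel)
            return
        for name in _segment_matches(here, segments[idx]):
            examined += 1
            if examined > budget:
                raise GlobBudgetExceeded(
                    f"{pattern!r}: more than {budget} candidate paths examined")
            child = os.path.join(rel, name) if rel else name
            # Only a directory can be descended into for a further segment.
            if idx + 1 < len(segments) and not os.path.isdir(os.path.join(root, child)):
                continue
            walk(child, idx + 1)

    walk("", 0)
    return matches, examined


def exceeds_budget(root, pattern, budget):
    """True if expanding `pattern` is cut off by `budget`."""
    try:
        expand_glob(root, pattern, budget)
    except GlobBudgetExceeded:
        return True
    return False


def build_sample_tree(n_dirs):
    """Constructed input: a temp directory holding n_dirs empty subdirectories
    (a scaled-down 'average home directory')."""
    root = tempfile.mkdtemp(prefix="globdemo-")
    for i in range(n_dirs):
        os.mkdir(os.path.join(root, f"d{i}"))
    return root


def thread_pattern(depth):
    """The thread's pattern with `depth` wildcard segments: '*/../*/../*/' for 3."""
    return "*/../" * (depth - 1) + "*/"


if __name__ == "__main__":
    root = build_sample_tree(3)
    for depth in range(1, 6):
        pat = thread_pattern(depth)
        try:
            found, cost = expand_glob(root, pat, budget=200)
            print(f"{pat:<28} {len(found):>4} matches, {cost:>4} candidates examined")
        except GlobBudgetExceeded as exc:
            print(f"{pat:<28} aborted: {exc}")
```

With three subdirectories the examined-path count goes 3, 15, 51, 159, 483 for one to five wildcard segments, which is why the ten-segment pattern in the mail is painful even in a modest home directory. Kris's suggestion (per-process memory and CPU limits, on FreeBSD via login.conf or the shell's ulimit) bounds the damage from outside the program; a budget inside the glob routine, as above, bounds it from inside, and FreeBSD's glob(3) later gained a GLOB_LIMIT flag for that purpose. The two are complementary: the process limit still catches whatever the in-program check does not.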