Date:      Thu, 15 Mar 2001 22:37:36 -0800
From:      "Crist J. Clark" <cjclark@reflexnet.net>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        "Michael A. Dickerson" <mikey@singingtree.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: Multiple vendors FTP denial of service (fwd)
Message-ID:  <20010315223736.C28471@rfx-216-196-73-168.users.reflex>
In-Reply-To: <20010315215913.A70990@mollari.cthul.hu>; from kris@obsecurity.org on Thu, Mar 15, 2001 at 09:59:13PM -0800
References:  <98righ$100l$1@FreeBSD.csie.NCTU.edu.tw> <004b01c0ada9$99f7b540$db9497cf@singingtree.com> <20010315215913.A70990@mollari.cthul.hu>

On Thu, Mar 15, 2001 at 09:59:13PM -0800, Kris Kennaway wrote:
> On Thu, Mar 15, 2001 at 03:42:29PM -0800, Michael A. Dickerson wrote:
> > > 4.1 from Aug 10th is hurt by it.
> > >
> > >          ---Mike
> > >
> > 
> > So is 4.3-beta (otherwise known as 4-stable) from March 8.  ftpd uses 100%
> > cpu and memory use grows until the kernel runs out of swap space and starts
> > killing processes.  This was an ftp connection with a regular username and
> > password, in an average home directory.
> 
> I'm pretty sure (but haven't tested) that resource limits will prevent
> this problem.  Your ftpd shouldn't be using large amounts of memory
> under normal operating procedures, so you can set those to reasonable
> values and not suffer any ill effects.

And this really does not have a lot directly to do with ftpd. Try,

  $ ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/

at a command line and watch what the shell does. It's a general
globbing issue.

Anyway, as for ftpd, all a user can do is kill the ftpd process they
are using, provided, as Kris points out, resource limits are set
appropriately. The user can do pretty much the same thing by logging
out.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
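
Added example, not part of the original message: a Python sketch of the containment described above, expanding a glob pattern of the same shape in a child process that runs under CPU and address-space limits. The helper names, limit values and temporary directory tree are constructed for illustration, and a Unix system with the `resource` module is assumed.

```python
import os
import resource
import subprocess
import sys
import tempfile

# Child program: expand the pattern in the current directory, print the match count.
CHILD = "import glob, sys; print(len(glob.glob(sys.argv[1])))"


def _cap(which, value):
    """Lower the soft limit for one resource without exceeding the hard limit."""
    soft, hard = resource.getrlimit(which)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(which, (value, hard))


def expand_under_limits(pattern, ndirs=8, cpu_seconds=1, mem_bytes=1 << 30):
    """Expand `pattern` in a child confined by RLIMIT_CPU and RLIMIT_AS.

    Returns (returncode, match_count or None). The directory tree is
    constructed here: `ndirs` empty subdirectories in a temporary directory.
    """
    def limits():  # runs in the child between fork() and exec()
        _cap(resource.RLIMIT_CPU, cpu_seconds)
        _cap(resource.RLIMIT_AS, mem_bytes)

    with tempfile.TemporaryDirectory() as root:
        for i in range(ndirs):
            os.mkdir(os.path.join(root, f"d{i}"))
        proc = subprocess.run([sys.executable, "-c", CHILD, pattern], cwd=root,
                              preexec_fn=limits, capture_output=True,
                              text=True, timeout=60)
    count = int(proc.stdout) if proc.returncode == 0 else None
    return proc.returncode, count


if __name__ == "__main__":
    # Two "/../" hops over 8 directories: 8 * 8 * 8 = 512 matches, inside the limits.
    print(expand_under_limits("*/../*/../*/"))
    # Same shape as the pattern quoted in the message: each extra hop multiplies
    # the match count by ndirs. The child is stopped by the CPU or memory limit
    # (non-zero return code); this parent process keeps running.
    print(expand_under_limits("*/../" * 10 + "*/"))
```

Only the child that performs the expansion is terminated, which is the per-process containment the message relies on for ftpd.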
