Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 27 Oct 1997 22:41:45 +0300 (MSK)
From:      =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.pp.ru>
To:        Guido van Rooij <guido@gvr.org>
Cc:        Nate Williams <nate@mt.sri.com>, tom@uniserve.com, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-etc@FreeBSD.ORG
Subject:   Re: Fingerd problems (was Re: cvs commit: src/etc master.passwd)
Message-ID:  <Pine.BSF.3.96.971027223907.1187B-100000@lsd.relcom.eu.net>
In-Reply-To: <199710271839.TAA02224@gvr.gvr.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 27 Oct 1997, Guido van Rooij wrote:

> Nate Williams wrote:
> > >   A problem with fingerd is that is does fuzzy lookups by default.  If
> > > /etc/master.passwd is large, it will use a significant amount of CPU.
> > > Starting up 30-40 fingerds makes an easy and effective DoS attack.
> > 
> > If this is a problem, disable fingerd.  If that's not feasible, then I
> > think your other solution is really the only other solution (limiting
> > the # of fingerd's that should run.)

You can already limit maximum number of fingerd's by "/30" suffix, see
inetd.conf(8)

-- 
Andrey A. Chernov
<ache@nietzsche.net>
http://www.nagual.pp.ru/~ache/




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.971027223907.1187B-100000>