Date: Mon, 27 Oct 1997 22:41:45 +0300 (MSK) From: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= <ache@nagual.pp.ru> To: Guido van Rooij <guido@gvr.org> Cc: Nate Williams <nate@mt.sri.com>, tom@uniserve.com, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-etc@FreeBSD.ORG Subject: Re: Fingerd problems (was Re: cvs commit: src/etc master.passwd) Message-ID: <Pine.BSF.3.96.971027223907.1187B-100000@lsd.relcom.eu.net> In-Reply-To: <199710271839.TAA02224@gvr.gvr.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 27 Oct 1997, Guido van Rooij wrote: > Nate Williams wrote: > > > A problem with fingerd is that is does fuzzy lookups by default. If > > > /etc/master.passwd is large, it will use a significant amount of CPU. > > > Starting up 30-40 fingerds makes an easy and effective DoS attack. > > > > If this is a problem, disable fingerd. If that's not feasible, then I > > think your other solution is really the only other solution (limiting > > the # of fingerd's that should run.) You can already limit maximum number of fingerd's by "/30" suffix, see inetd.conf(8) -- Andrey A. Chernov <ache@nietzsche.net> http://www.nagual.pp.ru/~ache/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.971027223907.1187B-100000>