From owner-cvs-etc Mon Oct 27 11:43:48 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id LAA18197 for cvs-etc-outgoing; Mon, 27 Oct 1997 11:43:48 -0800 (PST) (envelope-from owner-cvs-etc) Received: from lsd.relcom.eu.net (lsd.relcom.eu.net [193.124.23.23]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id LAA18106; Mon, 27 Oct 1997 11:41:57 -0800 (PST) (envelope-from ache@lsd.relcom.eu.net) Received: (from ache@localhost) by lsd.relcom.eu.net (8.8.7/8.8.7) id WAA01586; Mon, 27 Oct 1997 22:41:46 +0300 (MSK) (envelope-from ache) Date: Mon, 27 Oct 1997 22:41:45 +0300 (MSK) From: =?KOI8-R?B?4c7E0sXKIP7F0s7P1w==?= X-Sender: ache@lsd.relcom.eu.net To: Guido van Rooij cc: Nate Williams , tom@uniserve.com, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-etc@FreeBSD.ORG Subject: Re: Fingerd problems (was Re: cvs commit: src/etc master.passwd) In-Reply-To: <199710271839.TAA02224@gvr.gvr.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-etc@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Mon, 27 Oct 1997, Guido van Rooij wrote: > Nate Williams wrote: > > > A problem with fingerd is that is does fuzzy lookups by default. If > > > /etc/master.passwd is large, it will use a significant amount of CPU. > > > Starting up 30-40 fingerds makes an easy and effective DoS attack. > > > > If this is a problem, disable fingerd. If that's not feasible, then I > > think your other solution is really the only other solution (limiting > > the # of fingerd's that should run.) You can already limit maximum number of fingerd's by "/30" suffix, see inetd.conf(8) -- Andrey A. Chernov http://www.nagual.pp.ru/~ache/