From owner-freebsd-current  Wed Jul  8 18:47:22 1998
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id SAA02317
          for freebsd-current-outgoing; Wed, 8 Jul 1998 18:47:22 -0700 (PDT)
          (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from bandicoot.prth.tensor.pgs.com (bandicoot.prth.tensor.pgs.com [157.147.224.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA02302
          for <current@freebsd.org>; Wed, 8 Jul 1998 18:47:17 -0700 (PDT)
          (envelope-from shocking@ariadne.prth.tensor.pgs.com)
Received: from ariadne.tensor.pgs.com (ariadne [157.147.227.36])
	by bandicoot.prth.tensor.pgs.com (8.8.8/8.8.8) with SMTP id JAA16245;
	Thu, 9 Jul 1998 09:46:13 +0800 (WST)
Received: from ariadne by ariadne.tensor.pgs.com (SMI-8.6/SMI-SVR4)
	id JAA15831; Thu, 9 Jul 1998 09:46:38 +0800
Message-Id: <199807090146.JAA15831@ariadne.tensor.pgs.com>
X-Mailer: exmh version 2.0.2 2/24/98
To: "Daniel O'Connor" <doconnor@gsoft.com.au>
cc: current@FreeBSD.ORG
Subject: Re: Rate limit for system calls to prevent denial of service attacks? 
In-reply-to: Your message of "Thu, 09 Jul 1998 10:30:23 +0930."
             <199807090100.KAA20575@cain.gsoft.com.au> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 09 Jul 1998 09:46:38 +0800
From: Stephen Hocking-Senior Programmer PGS Tensor Perth <shocking@prth.pgs.com>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> 
> > Limiting CPU time per process or user is probably not sufficient,
> > unless you set it to absurdly small limits. It looks to me like we
> > need some sort of *rate limiting* for system calls. Anybody looked
> > at this?
> Hmm.. a neat idea :)
> I think this in conjunction with a decent sized process limit would be quite 
> useful.

Why does this whole discussion remind me of Softway's Fair SHare Scheduler, 
which was developed for a student environment? Basically, if the machine's 
under load, it allows you to limit the CPU used by a given group to X%. It was 
the subject of a couple of Usenix papers in the 80s as I recall. Sheesh, I'm 
sure BDE's heard of it, being a part of the Sydney Unix Mafia.


	Stephen


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message