Date: Fri, 22 May 2009 13:16:01 -0400 From: John Baldwin <jhb@freebsd.org> To: Rick Macklem <rmacklem@uoguelph.ca> Cc: svn-src-head@freebsd.org, Dag-Erling =?iso-8859-1?q?Sm=F8rgrav?= <des@des.no>, svn-src-all@freebsd.org, src-committers@freebsd.org, Rick Macklem <rmacklem@freebsd.org> Subject: Re: svn commit: r192463 - head/sys/fs/nfsserver Message-ID: <200905221316.02366.jhb@freebsd.org> In-Reply-To: <Pine.GSO.4.63.0905221157580.14855@muncher.cs.uoguelph.ca> References: <200905201858.n4KIw7Fc040619@svn.freebsd.org> <200905221118.48669.jhb@freebsd.org> <Pine.GSO.4.63.0905221157580.14855@muncher.cs.uoguelph.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 22 May 2009 12:19:32 pm Rick Macklem wrote: > > On Fri, 22 May 2009, John Baldwin wrote: > > > > > What about a malicious denial-of-service attack where a malicious client > > initiates an endless stream of connection attempts to force a panic? I think > > that is where the concern lies. I'm sure a malicious client could do it > > intentionally in less than 136 years, perhaps on the order of seconds and/or > > minutes? :) > > > I think blocking IP#s at some external firewall is going to be the only > way to survive such an attack, but I suppose it's nice if the server > doesn't reboot during the attack and just gets really really slow. Yes, I think that is very reasonable and I wouldn't expect anything more than that. Thanks. -- John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200905221316.02366.jhb>