From owner-svn-src-all@FreeBSD.ORG  Fri May 22 17:46:38 2009
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 18149106566B;
	Fri, 22 May 2009 17:46:38 +0000 (UTC) (envelope-from jhb@freebsd.org)
Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42])
	by mx1.freebsd.org (Postfix) with ESMTP id DA25E8FC0C;
	Fri, 22 May 2009 17:46:37 +0000 (UTC) (envelope-from jhb@freebsd.org)
Received: from bigwig.baldwin.cx (66.111.2.69.static.nyinternet.net
	[66.111.2.69])
	by cyrus.watson.org (Postfix) with ESMTPSA id 8807446B96;
	Fri, 22 May 2009 13:46:37 -0400 (EDT)
Received: from jhbbsd.hudson-trading.com (unknown [209.249.190.8])
	by bigwig.baldwin.cx (Postfix) with ESMTPA id 461208A028;
	Fri, 22 May 2009 13:46:36 -0400 (EDT)
From: John Baldwin <jhb@freebsd.org>
To: Rick Macklem <rmacklem@uoguelph.ca>
Date: Fri, 22 May 2009 13:16:01 -0400
User-Agent: KMail/1.9.7
References: <200905201858.n4KIw7Fc040619@svn.freebsd.org>
	<200905221118.48669.jhb@freebsd.org>
	<Pine.GSO.4.63.0905221157580.14855@muncher.cs.uoguelph.ca>
In-Reply-To: <Pine.GSO.4.63.0905221157580.14855@muncher.cs.uoguelph.ca>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200905221316.02366.jhb@freebsd.org>
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0.1
	(bigwig.baldwin.cx); Fri, 22 May 2009 13:46:36 -0400 (EDT)
X-Virus-Scanned: clamav-milter 0.95 at bigwig.baldwin.cx
X-Virus-Status: Clean
X-Spam-Status: No, score=-2.5 required=4.2 tests=AWL,BAYES_00,RDNS_NONE
	autolearn=no version=3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on bigwig.baldwin.cx
Cc: svn-src-head@freebsd.org,
	Dag-Erling =?iso-8859-1?q?Sm=F8rgrav?= <des@des.no>,
	svn-src-all@freebsd.org, src-committers@freebsd.org,
	Rick Macklem <rmacklem@freebsd.org>
Subject: Re: svn commit: r192463 - head/sys/fs/nfsserver
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
	user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 22 May 2009 17:46:38 -0000

On Friday 22 May 2009 12:19:32 pm Rick Macklem wrote:
> 
> On Fri, 22 May 2009, John Baldwin wrote:
> 
> >
> > What about a malicious denial-of-service attack where a malicious client
> > initiates an endless stream of connection attempts to force a panic?  I 
think
> > that is where the concern lies.  I'm sure a malicious client could do it
> > intentionally in less than 136 years, perhaps on the order of seconds 
and/or
> > minutes? :)
> >
> I think blocking IP#s at some external firewall is going to be the only
> way to survive such an attack, but I suppose it's nice if the server
> doesn't reboot during the attack and just gets really really slow.

Yes, I think that is very reasonable and I wouldn't expect anything more than 
that.  Thanks.

-- 
John Baldwin